sync

lib/libcrypto/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.133 2023/06/29 06:12:04 tb Exp $
+# $OpenBSD: Makefile,v 1.136 2023/07/06 14:37:39 tb Exp $
 
 LIB=	crypto
 LIBREBUILD=y
@@ -195,6 +195,7 @@ SRCS+= bn_mont.c
 SRCS+= bn_mul.c
 SRCS+= bn_prime.c
 SRCS+= bn_primitives.c
+SRCS+= bn_print.c
 SRCS+= bn_rand.c
 SRCS+= bn_recp.c
 SRCS+= bn_shift.c
@@ -351,16 +352,14 @@ SRCS+= ecp_smpl.c
 SRCS+= ecx_methods.c
 
 # ecdh/
-SRCS+= ecdh_kdf.c
+SRCS+= ecdh.c
 SRCS+= ech_err.c
-SRCS+= ech_key.c
 SRCS+= ech_lib.c
 
 # ecdsa/
-SRCS+= ecs_asn1.c
 SRCS+= ecs_err.c
 SRCS+= ecs_lib.c
-SRCS+= ecs_ossl.c
+SRCS+= ecdsa.c
 
 # engine/
 SRCS+= eng_all.c

lib/libcrypto/Symbols.namespace

@@ -889,3 +889,377 @@ _libre_X509v3_addr_validate_path
 _libre_X509v3_asid_validate_resource_set
 _libre_X509v3_addr_validate_resource_set
 _libre_ERR_load_X509V3_strings
+_libre_ChaCha_set_key
+_libre_ChaCha_set_iv
+_libre_ChaCha
+_libre_CRYPTO_chacha_20
+_libre_CRYPTO_xchacha_20
+_libre_CRYPTO_hchacha_20
+_libre_d2i_ASN1_SEQUENCE_ANY
+_libre_i2d_ASN1_SEQUENCE_ANY
+_libre_d2i_ASN1_SET_ANY
+_libre_i2d_ASN1_SET_ANY
+_libre_ASN1_TYPE_new
+_libre_ASN1_TYPE_free
+_libre_d2i_ASN1_TYPE
+_libre_i2d_ASN1_TYPE
+_libre_ASN1_TYPE_get
+_libre_ASN1_TYPE_set
+_libre_ASN1_TYPE_set1
+_libre_ASN1_TYPE_cmp
+_libre_ASN1_OBJECT_new
+_libre_ASN1_OBJECT_free
+_libre_i2d_ASN1_OBJECT
+_libre_d2i_ASN1_OBJECT
+_libre_ASN1_STRING_new
+_libre_ASN1_STRING_free
+_libre_ASN1_STRING_copy
+_libre_ASN1_STRING_dup
+_libre_ASN1_STRING_type_new
+_libre_ASN1_STRING_cmp
+_libre_ASN1_STRING_set
+_libre_ASN1_STRING_set0
+_libre_ASN1_STRING_length
+_libre_ASN1_STRING_length_set
+_libre_ASN1_STRING_type
+_libre_ASN1_STRING_data
+_libre_ASN1_STRING_get0_data
+_libre_ASN1_BIT_STRING_new
+_libre_ASN1_BIT_STRING_free
+_libre_d2i_ASN1_BIT_STRING
+_libre_i2d_ASN1_BIT_STRING
+_libre_ASN1_BIT_STRING_set
+_libre_ASN1_BIT_STRING_set_bit
+_libre_ASN1_BIT_STRING_get_bit
+_libre_ASN1_BIT_STRING_check
+_libre_ASN1_BIT_STRING_name_print
+_libre_ASN1_BIT_STRING_num_asc
+_libre_ASN1_BIT_STRING_set_asc
+_libre_ASN1_INTEGER_new
+_libre_ASN1_INTEGER_free
+_libre_d2i_ASN1_INTEGER
+_libre_i2d_ASN1_INTEGER
+_libre_d2i_ASN1_UINTEGER
+_libre_ASN1_INTEGER_dup
+_libre_ASN1_INTEGER_cmp
+_libre_ASN1_ENUMERATED_new
+_libre_ASN1_ENUMERATED_free
+_libre_d2i_ASN1_ENUMERATED
+_libre_i2d_ASN1_ENUMERATED
+_libre_ASN1_UTCTIME_check
+_libre_ASN1_UTCTIME_set
+_libre_ASN1_UTCTIME_adj
+_libre_ASN1_UTCTIME_set_string
+_libre_ASN1_UTCTIME_cmp_time_t
+_libre_ASN1_GENERALIZEDTIME_check
+_libre_ASN1_GENERALIZEDTIME_set
+_libre_ASN1_GENERALIZEDTIME_adj
+_libre_ASN1_GENERALIZEDTIME_set_string
+_libre_ASN1_OCTET_STRING_new
+_libre_ASN1_OCTET_STRING_free
+_libre_d2i_ASN1_OCTET_STRING
+_libre_i2d_ASN1_OCTET_STRING
+_libre_ASN1_OCTET_STRING_dup
+_libre_ASN1_OCTET_STRING_cmp
+_libre_ASN1_OCTET_STRING_set
+_libre_ASN1_VISIBLESTRING_new
+_libre_ASN1_VISIBLESTRING_free
+_libre_d2i_ASN1_VISIBLESTRING
+_libre_i2d_ASN1_VISIBLESTRING
+_libre_ASN1_UNIVERSALSTRING_new
+_libre_ASN1_UNIVERSALSTRING_free
+_libre_d2i_ASN1_UNIVERSALSTRING
+_libre_i2d_ASN1_UNIVERSALSTRING
+_libre_ASN1_UTF8STRING_new
+_libre_ASN1_UTF8STRING_free
+_libre_d2i_ASN1_UTF8STRING
+_libre_i2d_ASN1_UTF8STRING
+_libre_ASN1_NULL_new
+_libre_ASN1_NULL_free
+_libre_d2i_ASN1_NULL
+_libre_i2d_ASN1_NULL
+_libre_ASN1_BMPSTRING_new
+_libre_ASN1_BMPSTRING_free
+_libre_d2i_ASN1_BMPSTRING
+_libre_i2d_ASN1_BMPSTRING
+_libre_ASN1_PRINTABLE_new
+_libre_ASN1_PRINTABLE_free
+_libre_d2i_ASN1_PRINTABLE
+_libre_i2d_ASN1_PRINTABLE
+_libre_DIRECTORYSTRING_new
+_libre_DIRECTORYSTRING_free
+_libre_d2i_DIRECTORYSTRING
+_libre_i2d_DIRECTORYSTRING
+_libre_DISPLAYTEXT_new
+_libre_DISPLAYTEXT_free
+_libre_d2i_DISPLAYTEXT
+_libre_i2d_DISPLAYTEXT
+_libre_ASN1_PRINTABLESTRING_new
+_libre_ASN1_PRINTABLESTRING_free
+_libre_d2i_ASN1_PRINTABLESTRING
+_libre_i2d_ASN1_PRINTABLESTRING
+_libre_ASN1_T61STRING_new
+_libre_ASN1_T61STRING_free
+_libre_d2i_ASN1_T61STRING
+_libre_i2d_ASN1_T61STRING
+_libre_ASN1_IA5STRING_new
+_libre_ASN1_IA5STRING_free
+_libre_d2i_ASN1_IA5STRING
+_libre_i2d_ASN1_IA5STRING
+_libre_ASN1_GENERALSTRING_new
+_libre_ASN1_GENERALSTRING_free
+_libre_d2i_ASN1_GENERALSTRING
+_libre_i2d_ASN1_GENERALSTRING
+_libre_ASN1_UTCTIME_new
+_libre_ASN1_UTCTIME_free
+_libre_d2i_ASN1_UTCTIME
+_libre_i2d_ASN1_UTCTIME
+_libre_ASN1_GENERALIZEDTIME_new
+_libre_ASN1_GENERALIZEDTIME_free
+_libre_d2i_ASN1_GENERALIZEDTIME
+_libre_i2d_ASN1_GENERALIZEDTIME
+_libre_ASN1_TIME_new
+_libre_ASN1_TIME_free
+_libre_d2i_ASN1_TIME
+_libre_i2d_ASN1_TIME
+_libre_ASN1_TIME_to_tm
+_libre_ASN1_TIME_compare
+_libre_ASN1_TIME_cmp_time_t
+_libre_ASN1_TIME_normalize
+_libre_ASN1_TIME_set_string_X509
+_libre_ASN1_TIME_diff
+_libre_ASN1_TIME_set
+_libre_ASN1_TIME_set_tm
+_libre_ASN1_TIME_adj
+_libre_ASN1_TIME_check
+_libre_ASN1_TIME_to_generalizedtime
+_libre_ASN1_TIME_set_string
+_libre_i2a_ASN1_INTEGER
+_libre_a2i_ASN1_INTEGER
+_libre_i2a_ASN1_ENUMERATED
+_libre_a2i_ASN1_ENUMERATED
+_libre_i2a_ASN1_OBJECT
+_libre_a2i_ASN1_STRING
+_libre_i2a_ASN1_STRING
+_libre_i2t_ASN1_OBJECT
+_libre_a2d_ASN1_OBJECT
+_libre_ASN1_OBJECT_create
+_libre_ASN1_INTEGER_get_uint64
+_libre_ASN1_INTEGER_set_uint64
+_libre_ASN1_INTEGER_get_int64
+_libre_ASN1_INTEGER_set_int64
+_libre_ASN1_INTEGER_set
+_libre_ASN1_INTEGER_get
+_libre_BN_to_ASN1_INTEGER
+_libre_ASN1_INTEGER_to_BN
+_libre_ASN1_ENUMERATED_get_int64
+_libre_ASN1_ENUMERATED_set_int64
+_libre_ASN1_ENUMERATED_set
+_libre_ASN1_ENUMERATED_get
+_libre_BN_to_ASN1_ENUMERATED
+_libre_ASN1_ENUMERATED_to_BN
+_libre_ASN1_PRINTABLE_type
+_libre_ASN1_get_object
+_libre_ASN1_put_object
+_libre_ASN1_put_eoc
+_libre_ASN1_object_size
+_libre_ASN1_item_dup
+_libre_ASN1_dup
+_libre_ASN1_d2i_fp
+_libre_ASN1_item_d2i_fp
+_libre_ASN1_i2d_fp
+_libre_ASN1_item_i2d_fp
+_libre_ASN1_STRING_print_ex_fp
+_libre_ASN1_STRING_to_UTF8
+_libre_ASN1_d2i_bio
+_libre_ASN1_item_d2i_bio
+_libre_ASN1_i2d_bio
+_libre_ASN1_item_i2d_bio
+_libre_ASN1_UTCTIME_print
+_libre_ASN1_GENERALIZEDTIME_print
+_libre_ASN1_TIME_print
+_libre_ASN1_STRING_print
+_libre_ASN1_STRING_print_ex
+_libre_ASN1_bn_print
+_libre_ASN1_buf_print
+_libre_ASN1_parse
+_libre_ASN1_parse_dump
+_libre_ASN1_tag2bit
+_libre_ASN1_tag2str
+_libre_ASN1_UNIVERSALSTRING_to_string
+_libre_ASN1_TYPE_set_octetstring
+_libre_ASN1_TYPE_get_octetstring
+_libre_ASN1_TYPE_set_int_octetstring
+_libre_ASN1_TYPE_get_int_octetstring
+_libre_ASN1_item_pack
+_libre_ASN1_item_unpack
+_libre_ASN1_STRING_set_default_mask
+_libre_ASN1_STRING_set_default_mask_asc
+_libre_ASN1_STRING_get_default_mask
+_libre_ASN1_mbstring_copy
+_libre_ASN1_mbstring_ncopy
+_libre_ASN1_STRING_set_by_NID
+_libre_ASN1_STRING_TABLE_get
+_libre_ASN1_STRING_TABLE_add
+_libre_ASN1_STRING_TABLE_cleanup
+_libre_ASN1_item_new
+_libre_ASN1_item_free
+_libre_ASN1_item_d2i
+_libre_ASN1_item_i2d
+_libre_ASN1_add_oid_module
+_libre_ASN1_generate_nconf
+_libre_ASN1_generate_v3
+_libre_ASN1_item_print
+_libre_ASN1_PCTX_new
+_libre_ASN1_PCTX_free
+_libre_ASN1_PCTX_get_flags
+_libre_ASN1_PCTX_set_flags
+_libre_ASN1_PCTX_get_nm_flags
+_libre_ASN1_PCTX_set_nm_flags
+_libre_ASN1_PCTX_get_cert_flags
+_libre_ASN1_PCTX_set_cert_flags
+_libre_ASN1_PCTX_get_oid_flags
+_libre_ASN1_PCTX_set_oid_flags
+_libre_ASN1_PCTX_get_str_flags
+_libre_ASN1_PCTX_set_str_flags
+_libre_BIO_f_asn1
+_libre_SMIME_crlf_copy
+_libre_SMIME_text
+_libre_ERR_load_ASN1_strings
+_libre_ASN1_time_parse
+_libre_ASN1_time_tm_cmp
+_libre_ASN1_item_ex_new
+_libre_ASN1_item_ex_free
+_libre_ASN1_template_new
+_libre_ASN1_primitive_new
+_libre_ASN1_template_free
+_libre_ASN1_template_d2i
+_libre_ASN1_item_ex_d2i
+_libre_ASN1_item_ex_i2d
+_libre_ASN1_template_i2d
+_libre_ASN1_primitive_free
+_libre_BIO_set_flags
+_libre_BIO_test_flags
+_libre_BIO_clear_flags
+_libre_BIO_get_callback
+_libre_BIO_set_callback
+_libre_BIO_get_callback_ex
+_libre_BIO_set_callback_ex
+_libre_BIO_get_callback_arg
+_libre_BIO_set_callback_arg
+_libre_BIO_method_name
+_libre_BIO_method_type
+_libre_BIO_meth_new
+_libre_BIO_meth_free
+_libre_BIO_meth_get_write
+_libre_BIO_meth_set_write
+_libre_BIO_meth_get_read
+_libre_BIO_meth_set_read
+_libre_BIO_meth_get_puts
+_libre_BIO_meth_set_puts
+_libre_BIO_meth_get_gets
+_libre_BIO_meth_set_gets
+_libre_BIO_meth_get_ctrl
+_libre_BIO_meth_set_ctrl
+_libre_BIO_meth_get_create
+_libre_BIO_meth_set_create
+_libre_BIO_meth_get_destroy
+_libre_BIO_meth_set_destroy
+_libre_BIO_meth_get_callback_ctrl
+_libre_BIO_meth_set_callback_ctrl
+_libre_BIO_ctrl_pending
+_libre_BIO_ctrl_wpending
+_libre_BIO_ctrl_get_write_guarantee
+_libre_BIO_ctrl_get_read_request
+_libre_BIO_ctrl_reset_read_request
+_libre_BIO_set_ex_data
+_libre_BIO_get_ex_data
+_libre_BIO_number_read
+_libre_BIO_number_written
+_libre_BIO_asn1_set_prefix
+_libre_BIO_asn1_get_prefix
+_libre_BIO_asn1_set_suffix
+_libre_BIO_asn1_get_suffix
+_libre_BIO_get_new_index
+_libre_BIO_s_file
+_libre_BIO_new_file
+_libre_BIO_new_fp
+_libre_BIO_new
+_libre_BIO_set
+_libre_BIO_free
+_libre_BIO_up_ref
+_libre_BIO_get_data
+_libre_BIO_set_data
+_libre_BIO_get_init
+_libre_BIO_set_init
+_libre_BIO_get_shutdown
+_libre_BIO_set_shutdown
+_libre_BIO_vfree
+_libre_BIO_read
+_libre_BIO_gets
+_libre_BIO_write
+_libre_BIO_puts
+_libre_BIO_indent
+_libre_BIO_ctrl
+_libre_BIO_callback_ctrl
+_libre_BIO_ptr_ctrl
+_libre_BIO_int_ctrl
+_libre_BIO_push
+_libre_BIO_pop
+_libre_BIO_free_all
+_libre_BIO_find_type
+_libre_BIO_next
+_libre_BIO_set_next
+_libre_BIO_get_retry_BIO
+_libre_BIO_get_retry_reason
+_libre_BIO_set_retry_reason
+_libre_BIO_dup_chain
+_libre_BIO_nread0
+_libre_BIO_nread
+_libre_BIO_nwrite0
+_libre_BIO_nwrite
+_libre_BIO_debug_callback
+_libre_BIO_s_mem
+_libre_BIO_new_mem_buf
+_libre_BIO_s_socket
+_libre_BIO_s_connect
+_libre_BIO_s_accept
+_libre_BIO_s_fd
+_libre_BIO_s_log
+_libre_BIO_s_bio
+_libre_BIO_s_null
+_libre_BIO_f_null
+_libre_BIO_f_buffer
+_libre_BIO_f_nbio_test
+_libre_BIO_s_datagram
+_libre_BIO_sock_should_retry
+_libre_BIO_sock_non_fatal_error
+_libre_BIO_dgram_non_fatal_error
+_libre_BIO_fd_should_retry
+_libre_BIO_fd_non_fatal_error
+_libre_BIO_dump
+_libre_BIO_dump_indent
+_libre_BIO_dump_fp
+_libre_BIO_dump_indent_fp
+_libre_BIO_gethostbyname
+_libre_BIO_sock_error
+_libre_BIO_socket_ioctl
+_libre_BIO_socket_nbio
+_libre_BIO_get_port
+_libre_BIO_get_host_ip
+_libre_BIO_get_accept_socket
+_libre_BIO_accept
+_libre_BIO_sock_init
+_libre_BIO_sock_cleanup
+_libre_BIO_set_tcp_ndelay
+_libre_BIO_new_socket
+_libre_BIO_new_dgram
+_libre_BIO_new_fd
+_libre_BIO_new_connect
+_libre_BIO_new_accept
+_libre_BIO_copy_next_retry
+_libre_BIO_printf
+_libre_BIO_vprintf
+_libre_BIO_snprintf
+_libre_BIO_vsnprintf
+_libre_ERR_load_BIO_strings

lib/libcrypto/asn1/a_bitstr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_bitstr.c,v 1.38 2023/01/13 14:46:08 tb Exp $ */
+/* $OpenBSD: a_bitstr.c,v 1.39 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -79,12 +79,14 @@ ASN1_BIT_STRING_new(void)
 {
 	return (ASN1_BIT_STRING *)ASN1_item_new(&ASN1_BIT_STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_new);
 
 void
 ASN1_BIT_STRING_free(ASN1_BIT_STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_free);
 
 static void
 asn1_abs_clear_unused_bits(ASN1_BIT_STRING *abs)
@@ -110,6 +112,7 @@ ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 {
 	return ASN1_STRING_set(x, d, len);
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_set);
 
 int
 ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
@@ -144,6 +147,7 @@ ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 
 	return (1);
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_set_bit);
 
 int
 ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
@@ -156,6 +160,7 @@ ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 		return (0);
 	return ((a->data[w] & v) != 0);
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_get_bit);
 
 /*
  * Checks if the given bit string contains only bits specified by
@@ -182,6 +187,7 @@ ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags,
 	}
 	return ok;
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_check);
 
 int
 ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
@@ -202,6 +208,7 @@ ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
 	BIO_puts(out, "\n");
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_name_print);
 
 int
 ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
@@ -218,6 +225,7 @@ ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
 	}
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_set_asc);
 
 int
 ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
@@ -231,6 +239,7 @@ ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
 	}
 	return -1;
 }
+LCRYPTO_ALIAS(ASN1_BIT_STRING_num_asc);
 
 int
 i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
@@ -388,6 +397,7 @@ i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_BIT_STRING);
 
 ASN1_BIT_STRING *
 d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len)
@@ -395,3 +405,4 @@ d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len)
 	return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_BIT_STRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_BIT_STRING);

lib/libcrypto/asn1/a_enum.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_enum.c,v 1.28 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: a_enum.c,v 1.29 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -84,6 +84,7 @@ ASN1_ENUMERATED_new(void)
 {
 	return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it);
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_new);
 
 static void
 asn1_aenum_clear(ASN1_ENUMERATED *aenum)
@@ -100,6 +101,7 @@ ASN1_ENUMERATED_free(ASN1_ENUMERATED *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it);
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_free);
 
 int
 ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum)
@@ -122,6 +124,7 @@ ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum)
 	return asn1_aint_get_int64(&cbs, (aenum->type == V_ASN1_NEG_ENUMERATED),
 	    out_val);
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_get_int64);
 
 int
 ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val)
@@ -139,6 +142,7 @@ ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val)
 
 	return asn1_aint_set_uint64(uval, &aenum->data, &aenum->length);
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_set_int64);
 
 long
 ASN1_ENUMERATED_get(const ASN1_ENUMERATED *aenum)
@@ -156,12 +160,14 @@ ASN1_ENUMERATED_get(const ASN1_ENUMERATED *aenum)
 
 	return (long)val;
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_get);
 
 int
 ASN1_ENUMERATED_set(ASN1_ENUMERATED *aenum, long val)
 {
 	return ASN1_ENUMERATED_set_int64(aenum, val);
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_set);
 
 ASN1_ENUMERATED *
 BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
@@ -205,6 +211,7 @@ BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
 		ASN1_ENUMERATED_free(ret);
 	return (NULL);
 }
+LCRYPTO_ALIAS(BN_to_ASN1_ENUMERATED);
 
 BIGNUM *
 ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
@@ -217,6 +224,7 @@ ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
 		BN_set_negative(ret, 1);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_ENUMERATED_to_BN);
 
 /* Based on a_int.c: equivalent ENUMERATED functions */
 
@@ -253,6 +261,7 @@ i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
  err:
 	return (-1);
 }
+LCRYPTO_ALIAS(i2a_ASN1_ENUMERATED);
 
 int
 a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
@@ -344,6 +353,7 @@ a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
 	free(s);
 	return (ret);
 }
+LCRYPTO_ALIAS(a2i_ASN1_ENUMERATED);
 
 int
 c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs)
@@ -372,6 +382,7 @@ i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_ENUMERATED);
 
 ASN1_ENUMERATED *
 d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len)
@@ -379,3 +390,4 @@ d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len)
 	return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_ENUMERATED_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_ENUMERATED);

lib/libcrypto/asn1/a_int.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_int.c,v 1.46 2022/08/28 17:49:25 jsing Exp $ */
+/* $OpenBSD: a_int.c,v 1.47 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -79,6 +79,7 @@ ASN1_INTEGER_new(void)
 {
 	return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_new);
 
 static void
 asn1_aint_clear(ASN1_INTEGER *aint)
@@ -95,6 +96,7 @@ ASN1_INTEGER_free(ASN1_INTEGER *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_free);
 
 static int
 ASN1_INTEGER_valid(const ASN1_INTEGER *a)
@@ -110,6 +112,7 @@ ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 
 	return ASN1_STRING_dup(x);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_dup);
 
 int
 ASN1_INTEGER_cmp(const ASN1_INTEGER *a, const ASN1_INTEGER *b)
@@ -125,6 +128,7 @@ ASN1_INTEGER_cmp(const ASN1_INTEGER *a, const ASN1_INTEGER *b)
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_cmp);
 
 int
 asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val)
@@ -248,6 +252,7 @@ ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint)
 
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_get_uint64);
 
 int
 ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val)
@@ -256,6 +261,7 @@ ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val)
 
 	return asn1_aint_set_uint64(val, &aint->data, &aint->length);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_set_uint64);
 
 int
 ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint)
@@ -278,6 +284,7 @@ ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint)
 	return asn1_aint_get_int64(&cbs, (aint->type == V_ASN1_NEG_INTEGER),
 	    out_val);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_get_int64);
 
 int
 ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val)
@@ -295,6 +302,7 @@ ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val)
 
 	return asn1_aint_set_uint64(uval, &aint->data, &aint->length);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_set_int64);
 
 long
 ASN1_INTEGER_get(const ASN1_INTEGER *aint)
@@ -312,12 +320,14 @@ ASN1_INTEGER_get(const ASN1_INTEGER *aint)
 
 	return (long)val;
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_get);
 
 int
 ASN1_INTEGER_set(ASN1_INTEGER *aint, long val)
 {
 	return ASN1_INTEGER_set_int64(aint, val);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_set);
 
 ASN1_INTEGER *
 BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
@@ -365,6 +375,7 @@ BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
 		ASN1_INTEGER_free(ret);
 	return (NULL);
 }
+LCRYPTO_ALIAS(BN_to_ASN1_INTEGER);
 
 BIGNUM *
 ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
@@ -380,6 +391,7 @@ ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
 		BN_set_negative(ret, 1);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_INTEGER_to_BN);
 
 int
 i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
@@ -420,6 +432,7 @@ i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
  err:
 	return (-1);
 }
+LCRYPTO_ALIAS(i2a_ASN1_INTEGER);
 
 int
 a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
@@ -509,6 +522,7 @@ a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 	free(s);
 	return (ret);
 }
+LCRYPTO_ALIAS(a2i_ASN1_INTEGER);
 
 static void
 asn1_aint_twos_complement(uint8_t *data, size_t data_len)
@@ -757,6 +771,7 @@ i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_INTEGER);
 
 ASN1_INTEGER *
 d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len)
@@ -764,6 +779,7 @@ d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len)
 	return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_INTEGER_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_INTEGER);
 
 /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
  * ASN1 integers: some broken software can encode a positive INTEGER
@@ -838,3 +854,4 @@ d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length)
 		ASN1_INTEGER_free(ret);
 	return (NULL);
 }
+LCRYPTO_ALIAS(d2i_ASN1_UINTEGER);

lib/libcrypto/asn1/a_mbstr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_mbstr.c,v 1.26 2022/12/26 07:18:51 jmc Exp $ */
+/* $OpenBSD: a_mbstr.c,v 1.27 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -90,6 +90,7 @@ ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
 {
 	return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
 }
+LCRYPTO_ALIAS(ASN1_mbstring_copy);
 
 int
 ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
@@ -255,6 +256,7 @@ ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
 	}
 	return -1;
 }
+LCRYPTO_ALIAS(ASN1_mbstring_ncopy);
 
 /* This function traverses a string and passes the value of each character
  * to an optional function along with a void * argument.

lib/libcrypto/asn1/a_object.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_object.c,v 1.50 2023/05/23 11:51:12 tb Exp $ */
+/* $OpenBSD: a_object.c,v 1.51 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -87,6 +87,7 @@ ASN1_OBJECT_new(void)
 
 	return a;
 }
+LCRYPTO_ALIAS(ASN1_OBJECT_new);
 
 void
 ASN1_OBJECT_free(ASN1_OBJECT *a)
@@ -106,6 +107,7 @@ ASN1_OBJECT_free(ASN1_OBJECT *a)
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
 		free(a);
 }
+LCRYPTO_ALIAS(ASN1_OBJECT_free);
 
 ASN1_OBJECT *
 ASN1_OBJECT_create(int nid, unsigned char *data, int len,
@@ -122,6 +124,7 @@ ASN1_OBJECT_create(int nid, unsigned char *data, int len,
 	    ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	return (OBJ_dup(&o));
 }
+LCRYPTO_ALIAS(ASN1_OBJECT_create);
 
 static int
 oid_add_arc(CBB *cbb, uint64_t arc)
@@ -367,6 +370,7 @@ a2d_ASN1_OBJECT(unsigned char *out, int out_len, const char *in, int in_len)
 
 	return ret;
 }
+LCRYPTO_ALIAS(a2d_ASN1_OBJECT);
 
 static int
 i2t_ASN1_OBJECT_oid(const ASN1_OBJECT *aobj, CBB *cbb)
@@ -456,6 +460,7 @@ i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *aobj)
 {
 	return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, 0);
 }
+LCRYPTO_ALIAS(i2t_ASN1_OBJECT);
 
 ASN1_OBJECT *
 t2i_ASN1_OBJECT_internal(const char *oid)
@@ -523,6 +528,7 @@ i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *aobj)
 
 	return ret;
 }
+LCRYPTO_ALIAS(i2a_ASN1_OBJECT);
 
 int
 c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content)
@@ -627,6 +633,7 @@ i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
 	*pp = p;
 	return (objsize);
 }
+LCRYPTO_ALIAS(i2d_ASN1_OBJECT);
 
 ASN1_OBJECT *
 d2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long length)
@@ -666,3 +673,4 @@ d2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long length)
 
 	return aobj;
 }
+LCRYPTO_ALIAS(d2i_ASN1_OBJECT);

lib/libcrypto/asn1/a_octet.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_octet.c,v 1.11 2021/12/25 08:52:44 jsing Exp $ */
+/* $OpenBSD: a_octet.c,v 1.12 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -72,12 +72,14 @@ ASN1_OCTET_STRING_new(void)
 {
 	return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_OCTET_STRING_new);
 
 void
 ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_OCTET_STRING_free);
 
 
 ASN1_OCTET_STRING *
@@ -85,24 +87,28 @@ ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
 {
 	return ASN1_STRING_dup(x);
 }
+LCRYPTO_ALIAS(ASN1_OCTET_STRING_dup);
 
 int
 ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b)
 {
 	return ASN1_STRING_cmp(a, b);
 }
+LCRYPTO_ALIAS(ASN1_OCTET_STRING_cmp);
 
 int
 ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
 {
 	return ASN1_STRING_set(x, d, len);
 }
+LCRYPTO_ALIAS(ASN1_OCTET_STRING_set);
 
 int
 i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_OCTET_STRING);
 
 ASN1_OCTET_STRING *
 d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len)
@@ -110,3 +116,4 @@ d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len)
 	return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_OCTET_STRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_OCTET_STRING);

lib/libcrypto/asn1/a_pkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_pkey.c,v 1.4 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: a_pkey.c,v 1.5 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,6 +123,7 @@ d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 		EVP_PKEY_free(ret);
 	return (NULL);
 }
+LCRYPTO_ALIAS(d2i_PrivateKey);
 
 int
 i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
@@ -139,6 +140,7 @@ i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return (-1);
 }
+LCRYPTO_ALIAS(i2d_PrivateKey);
 
 /* This works like d2i_PrivateKey() except it automatically works out the type */
 
@@ -184,3 +186,4 @@ d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length)
 	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
 	return d2i_PrivateKey(keytype, a, pp, length);
 }
+LCRYPTO_ALIAS(d2i_AutoPrivateKey);

lib/libcrypto/asn1/a_print.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_print.c,v 1.12 2023/03/12 11:49:02 tb Exp $ */
+/* $OpenBSD: a_print.c,v 1.13 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,6 +94,7 @@ ASN1_PRINTABLE_type(const unsigned char *s, int len)
 		return (V_ASN1_IA5STRING);
 	return (V_ASN1_PRINTABLESTRING);
 }
+LCRYPTO_ALIAS(ASN1_PRINTABLE_type);
 
 int
 ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
@@ -123,3 +124,4 @@ ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	s->type = ASN1_PRINTABLE_type(s->data, s->length);
 	return (1);
 }
+LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_to_string);

lib/libcrypto/asn1/a_pubkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_pubkey.c,v 1.4 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: a_pubkey.c,v 1.5 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -136,6 +136,7 @@ d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
 		EVP_PKEY_free(ret);
 	return (NULL);
 }
+LCRYPTO_ALIAS(d2i_PublicKey);
 
 int
 i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
@@ -158,3 +159,4 @@ i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 		return (-1);
 	}
 }
+LCRYPTO_ALIAS(i2d_PublicKey);

lib/libcrypto/asn1/a_strex.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strex.c,v 1.32 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: a_strex.c,v 1.33 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -570,6 +570,7 @@ X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
 		return X509_NAME_print(out, nm, indent);
 	return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
+LCRYPTO_ALIAS(X509_NAME_print_ex);
 
 int
 X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
@@ -587,15 +588,18 @@ X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
 	}
 	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
+LCRYPTO_ALIAS(X509_NAME_print_ex_fp);
 
 int
 ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
 {
 	return do_print_ex(send_bio_chars, out, flags, str);
 }
+LCRYPTO_ALIAS(ASN1_STRING_print_ex);
 
 int
 ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
 {
 	return do_print_ex(send_fp_chars, fp, flags, str);
 }
+LCRYPTO_ALIAS(ASN1_STRING_print_ex_fp);

lib/libcrypto/asn1/a_string.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_string.c,v 1.13 2022/11/28 07:50:47 tb Exp $ */
+/* $OpenBSD: a_string.c,v 1.14 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -70,6 +70,7 @@ ASN1_STRING_new(void)
 {
 	return ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
 }
+LCRYPTO_ALIAS(ASN1_STRING_new);
 
 ASN1_STRING *
 ASN1_STRING_type_new(int type)
@@ -84,6 +85,7 @@ ASN1_STRING_type_new(int type)
 
 	return astr;
 }
+LCRYPTO_ALIAS(ASN1_STRING_type_new);
 
 static void
 ASN1_STRING_clear(ASN1_STRING *astr)
@@ -106,6 +108,7 @@ ASN1_STRING_free(ASN1_STRING *astr)
 
 	free(astr);
 }
+LCRYPTO_ALIAS(ASN1_STRING_free);
 
 int
 ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
@@ -121,6 +124,7 @@ ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 
 	return (a->type - b->type);
 }
+LCRYPTO_ALIAS(ASN1_STRING_cmp);
 
 int
 ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *src)
@@ -136,6 +140,7 @@ ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *src)
 
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_STRING_copy);
 
 ASN1_STRING *
 ASN1_STRING_dup(const ASN1_STRING *src)
@@ -153,6 +158,7 @@ ASN1_STRING_dup(const ASN1_STRING *src)
 	}
 	return astr;
 }
+LCRYPTO_ALIAS(ASN1_STRING_dup);
 
 int
 ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len)
@@ -189,6 +195,7 @@ ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len)
 
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_STRING_set);
 
 void
 ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len)
@@ -198,12 +205,14 @@ ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len)
 	astr->data = data;
 	astr->length = len;
 }
+LCRYPTO_ALIAS(ASN1_STRING_set0);
 
 int
 ASN1_STRING_length(const ASN1_STRING *astr)
 {
 	return astr->length;
 }
+LCRYPTO_ALIAS(ASN1_STRING_length);
 
 void
 ASN1_STRING_length_set(ASN1_STRING *astr, int len)
@@ -211,24 +220,28 @@ ASN1_STRING_length_set(ASN1_STRING *astr, int len)
 	/* This is dangerous and unfixable. */
 	astr->length = len;
 }
+LCRYPTO_ALIAS(ASN1_STRING_length_set);
 
 int
 ASN1_STRING_type(const ASN1_STRING *astr)
 {
 	return astr->type;
 }
+LCRYPTO_ALIAS(ASN1_STRING_type);
 
 unsigned char *
 ASN1_STRING_data(ASN1_STRING *astr)
 {
 	return astr->data;
 }
+LCRYPTO_ALIAS(ASN1_STRING_data);
 
 const unsigned char *
 ASN1_STRING_get0_data(const ASN1_STRING *astr)
 {
 	return astr->data;
 }
+LCRYPTO_ALIAS(ASN1_STRING_get0_data);
 
 int
 ASN1_STRING_print(BIO *bp, const ASN1_STRING *astr)
@@ -262,6 +275,7 @@ ASN1_STRING_print(BIO *bp, const ASN1_STRING *astr)
 
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_STRING_print);
 
 /*
  * Utility function: convert any string type to UTF8, returns number of bytes
@@ -304,6 +318,7 @@ ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_STRING_to_UTF8);
 
 int
 i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *astr, int type)
@@ -338,6 +353,7 @@ i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *astr, int type)
  err:
 	return -1;
 }
+LCRYPTO_ALIAS(i2a_ASN1_STRING);
 
 int
 a2i_ASN1_STRING(BIO *bp, ASN1_STRING *astr, char *buf, int size)
@@ -429,3 +445,4 @@ a2i_ASN1_STRING(BIO *bp, ASN1_STRING *astr, char *buf, int size)
 
 	return ret;
 }
+LCRYPTO_ALIAS(a2i_ASN1_STRING);

lib/libcrypto/asn1/a_strnid.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */
+/* $OpenBSD: a_strnid.c,v 1.27 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -86,12 +86,14 @@ ASN1_STRING_set_default_mask(unsigned long mask)
 {
 	global_mask = mask;
 }
+LCRYPTO_ALIAS(ASN1_STRING_set_default_mask);
 
 unsigned long
 ASN1_STRING_get_default_mask(void)
 {
 	return global_mask;
 }
+LCRYPTO_ALIAS(ASN1_STRING_get_default_mask);
 
 /*
  * This function sets the default to various "flavours" of configuration
@@ -134,6 +136,7 @@ ASN1_STRING_set_default_mask_asc(const char *p)
 	ASN1_STRING_set_default_mask(mask);
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_STRING_set_default_mask_asc);
 
 /*
  * The following function generates an ASN1_STRING based on limits in a table.
@@ -166,6 +169,7 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen,
 		return NULL;
 	return *out;
 }
+LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
 
 /*
  * Now the tables and helper functions for the string table:
@@ -187,25 +191,139 @@ ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen,
 /* This table must be kept in NID order */
 
 static const ASN1_STRING_TABLE tbl_standard[] = {
-	{NID_commonName,		1, ub_common_name, DIRSTRING_TYPE, 0},
-	{NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-	{NID_localityName,		1, ub_locality_name, DIRSTRING_TYPE, 0},
-	{NID_stateOrProvinceName,	1, ub_state_name, DIRSTRING_TYPE, 0},
-	{NID_organizationName,		1, ub_organization_name, DIRSTRING_TYPE, 0},
-	{NID_organizationalUnitName,	1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
-	{NID_pkcs9_emailAddress,	1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
-	{NID_pkcs9_unstructuredName,	1, -1, PKCS9STRING_TYPE, 0},
-	{NID_pkcs9_challengePassword,	1, -1, PKCS9STRING_TYPE, 0},
-	{NID_pkcs9_unstructuredAddress,	1, -1, DIRSTRING_TYPE, 0},
-	{NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_serialNumber,		1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-	{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-	{NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
-	{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-	{NID_domainComponent,		1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-	{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+	{
+		.nid = NID_commonName,
+		.minsize = 1,
+		.maxsize = ub_common_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_countryName,
+		.minsize = 2,
+		.maxsize = 2,
+		.mask = B_ASN1_PRINTABLESTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_localityName,
+		.minsize = 1,
+		.maxsize = ub_locality_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_stateOrProvinceName,
+		.minsize = 1,
+		.maxsize = ub_state_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_organizationName,
+		.minsize = 1,
+		.maxsize = ub_organization_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_organizationalUnitName,
+		.minsize = 1,
+		.maxsize = ub_organization_unit_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_pkcs9_emailAddress,
+		.minsize = 1,
+		.maxsize = ub_email_address,
+		.mask = B_ASN1_IA5STRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_pkcs9_unstructuredName,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = PKCS9STRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_pkcs9_challengePassword,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = PKCS9STRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_pkcs9_unstructuredAddress,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_givenName,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_surname,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_initials,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_serialNumber,
+		.minsize = 1,
+		.maxsize = ub_serial_number,
+		.mask = B_ASN1_PRINTABLESTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_friendlyName,
+		.minsize = -1,
+		.maxsize = -1,
+		.mask = B_ASN1_BMPSTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_name,
+		.minsize = 1,
+		.maxsize = ub_name,
+		.mask = DIRSTRING_TYPE,
+		.flags = 0,
+	},
+	{
+		.nid = NID_dnQualifier,
+		.minsize = -1,
+		.maxsize = -1,
+		.mask = B_ASN1_PRINTABLESTRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_domainComponent,
+		.minsize = 1,
+		.maxsize = -1,
+		.mask = B_ASN1_IA5STRING,
+		.flags = STABLE_NO_MASK,
+	},
+	{
+		.nid = NID_ms_csp_name,
+		.minsize = -1,
+		.maxsize = -1,
+		.mask = B_ASN1_BMPSTRING,
+		.flags = STABLE_NO_MASK,
+	},
 };
 
 static int
@@ -254,8 +372,9 @@ ASN1_STRING_TABLE_get(int nid)
 			return sk_ASN1_STRING_TABLE_value(stable, idx);
 	}
 	return OBJ_bsearch_table(&fnd, tbl_standard,
-	    sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE));
+	    sizeof(tbl_standard) / sizeof(tbl_standard[0]));
 }
+LCRYPTO_ALIAS(ASN1_STRING_TABLE_get);
 
 /*
  * Return a string table pointer which can be modified: either directly
@@ -321,6 +440,7 @@ ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask,
 
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_STRING_TABLE_add);
 
 void
 ASN1_STRING_TABLE_cleanup(void)
@@ -333,6 +453,7 @@ ASN1_STRING_TABLE_cleanup(void)
 	stable = NULL;
 	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
 }
+LCRYPTO_ALIAS(ASN1_STRING_TABLE_cleanup);
 
 static void
 st_free(ASN1_STRING_TABLE *tbl)

lib/libcrypto/asn1/a_time.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time.c,v 1.36 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: a_time.c,v 1.37 2023/07/05 21:23:36 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -84,12 +84,14 @@ ASN1_TIME_new(void)
 {
 	return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it);
 }
+LCRYPTO_ALIAS(ASN1_TIME_new);
 
 void
 ASN1_TIME_free(ASN1_TIME *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it);
 }
+LCRYPTO_ALIAS(ASN1_TIME_free);
 
 int
 ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
@@ -104,6 +106,7 @@ ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
 
 	return asn1_time_time_t_to_tm(&now, tm);
 }
+LCRYPTO_ALIAS(ASN1_TIME_to_tm);
 
 int
 ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to)
@@ -117,6 +120,7 @@ ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to)
 
 	return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
 }
+LCRYPTO_ALIAS(ASN1_TIME_diff);
 
 ASN1_TIME *
 d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len)
@@ -124,9 +128,11 @@ d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len)
 	return (ASN1_TIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_TIME_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_TIME);
 
 int
 i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_TIME_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_TIME);

lib/libcrypto/asn1/a_time_tm.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_time_tm.c,v 1.27 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: a_time_tm.c,v 1.28 2023/07/05 21:23:36 beck Exp $ */
 /*
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
  *
@@ -60,6 +60,7 @@ ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2)
 		return (1);
 	return 0;
 }
+LCRYPTO_ALIAS(ASN1_time_tm_cmp);
 
 int
 ASN1_time_tm_clamp_notafter(struct tm *tm)
@@ -76,6 +77,7 @@ ASN1_time_tm_clamp_notafter(struct tm *tm)
 #endif
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_time_tm_clamp_notafter);
 
 /* Convert time to GeneralizedTime, X.690, 11.7. */
 ASN1_TIME *
@@ -344,6 +346,7 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
 
 	return -1;
 }
+LCRYPTO_ALIAS(ASN1_time_parse);
 
 /*
  * ASN1_TIME generic functions.
@@ -404,6 +407,7 @@ ASN1_TIME_set(ASN1_TIME *s, time_t t)
 {
 	return (ASN1_TIME_adj(s, t, 0, 0));
 }
+LCRYPTO_ALIAS(ASN1_TIME_set);
 
 ASN1_TIME *
 ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm)
@@ -414,12 +418,14 @@ ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm)
 		return NULL;
 	return (ASN1_TIME_adj(s, t, 0, 0));
 }
+LCRYPTO_ALIAS(ASN1_TIME_set_tm);
 
 ASN1_TIME *
 ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec)
 {
 	return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, RFC5280));
 }
+LCRYPTO_ALIAS(ASN1_TIME_adj);
 
 int
 ASN1_TIME_check(const ASN1_TIME *t)
@@ -428,6 +434,7 @@ ASN1_TIME_check(const ASN1_TIME *t)
 		return (0);
 	return (t->type == ASN1_time_parse(t->data, t->length, NULL, t->type));
 }
+LCRYPTO_ALIAS(ASN1_TIME_check);
 
 ASN1_GENERALIZEDTIME *
 ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
@@ -450,12 +457,14 @@ ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
 
 	return (agt);
 }
+LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
 
 int
 ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
 {
 	return (ASN1_TIME_set_string_internal(s, str, 0));
 }
+LCRYPTO_ALIAS(ASN1_TIME_set_string);
 
 static int
 ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode)
@@ -500,6 +509,7 @@ ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2)
 
 	return ASN1_time_tm_cmp(&tm1, &tm2);
 }
+LCRYPTO_ALIAS(ASN1_TIME_compare);
 
 int
 ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
@@ -511,6 +521,7 @@ ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
 		    V_ASN1_GENERALIZEDTIME);
 	return -2;
 }
+LCRYPTO_ALIAS(ASN1_TIME_cmp_time_t);
 
 /*
  * ASN1_UTCTIME wrappers
@@ -523,6 +534,7 @@ ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
 		return (0);
 	return (d->type == ASN1_time_parse(d->data, d->length, NULL, d->type));
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_check);
 
 int
 ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
@@ -531,12 +543,14 @@ ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
 		return (0);
 	return (ASN1_TIME_set_string_internal(s, str, V_ASN1_UTCTIME));
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_set_string);
 
 ASN1_UTCTIME *
 ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 {
 	return (ASN1_UTCTIME_adj(s, t, 0, 0));
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_set);
 
 ASN1_UTCTIME *
 ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
@@ -544,6 +558,7 @@ ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
 	return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
 	    V_ASN1_UTCTIME));
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_adj);
 
 int
 ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
@@ -552,6 +567,7 @@ ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
 		return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
 	return -2;
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_cmp_time_t);
 
 /*
  * ASN1_GENERALIZEDTIME wrappers
@@ -564,6 +580,7 @@ ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
 		return (0);
 	return (d->type == ASN1_time_parse(d->data, d->length, NULL, d->type));
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_check);
 
 int
 ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
@@ -572,12 +589,14 @@ ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
 		return (0);
 	return (ASN1_TIME_set_string_internal(s, str, V_ASN1_GENERALIZEDTIME));
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set_string);
 
 ASN1_GENERALIZEDTIME *
 ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t)
 {
 	return (ASN1_GENERALIZEDTIME_adj(s, t, 0, 0));
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set);
 
 ASN1_GENERALIZEDTIME *
 ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
@@ -586,6 +605,7 @@ ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
 	return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
 	    V_ASN1_GENERALIZEDTIME));
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_adj);
 
 int
 ASN1_TIME_normalize(ASN1_TIME *t)
@@ -596,9 +616,11 @@ ASN1_TIME_normalize(ASN1_TIME *t)
 		return 0;
 	return tm_to_rfc5280_time(&tm, t) != NULL;
 }
+LCRYPTO_ALIAS(ASN1_TIME_normalize);
 
 int
 ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
 {
 	return ASN1_TIME_set_string_internal(s, str, RFC5280);
 }
+LCRYPTO_ALIAS(ASN1_TIME_set_string_X509);

lib/libcrypto/asn1/a_type.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: a_type.c,v 1.25 2023/03/11 14:05:02 jsing Exp $ */
+/* $OpenBSD: a_type.c,v 1.26 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,12 +94,14 @@ ASN1_TYPE_new(void)
 {
 	return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it);
 }
+LCRYPTO_ALIAS(ASN1_TYPE_new);
 
 void
 ASN1_TYPE_free(ASN1_TYPE *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it);
 }
+LCRYPTO_ALIAS(ASN1_TYPE_free);
 
 int
 ASN1_TYPE_get(const ASN1_TYPE *a)
@@ -113,6 +115,7 @@ ASN1_TYPE_get(const ASN1_TYPE *a)
 
 	return 0;
 }
+LCRYPTO_ALIAS(ASN1_TYPE_get);
 
 void
 ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
@@ -127,6 +130,7 @@ ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	else
 		a->value.ptr = value;
 }
+LCRYPTO_ALIAS(ASN1_TYPE_set);
 
 int
 ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
@@ -149,6 +153,7 @@ ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
 	}
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_TYPE_set1);
 
 /* Returns 0 if they are equal, != 0 otherwise. */
 int
@@ -198,6 +203,7 @@ ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
 
 	return result;
 }
+LCRYPTO_ALIAS(ASN1_TYPE_cmp);
 
 int
 ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len)
@@ -213,6 +219,7 @@ ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len)
 	ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
 	return (1);
 }
+LCRYPTO_ALIAS(ASN1_TYPE_set_octetstring);
 
 int
 ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
@@ -234,6 +241,7 @@ ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
 	memcpy(data, p, num);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_TYPE_get_octetstring);
 
 int
 ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, const unsigned char *data,
@@ -265,6 +273,7 @@ ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, const unsigned char *data
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_TYPE_set_int_octetstring);
 
 int
 ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *at, long *num, unsigned char *data,
@@ -300,6 +309,7 @@ ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *at, long *num, unsigned char *dat
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_TYPE_get_int_octetstring);
 
 ASN1_TYPE *
 ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
@@ -337,6 +347,7 @@ i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_TYPE);
 
 ASN1_TYPE *
 d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len)
@@ -344,3 +355,4 @@ d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len)
 	return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_ANY_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_TYPE);

lib/libcrypto/asn1/ameth_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.30 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.31 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -120,6 +120,7 @@ EVP_PKEY_asn1_get_count(void)
 
 	return num;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_get_count);
 
 const EVP_PKEY_ASN1_METHOD *
 EVP_PKEY_asn1_get0(int idx)
@@ -135,6 +136,7 @@ EVP_PKEY_asn1_get0(int idx)
 
 	return sk_EVP_PKEY_ASN1_METHOD_value(asn1_app_methods, idx);
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_get0);
 
 static const EVP_PKEY_ASN1_METHOD *
 pkey_asn1_find(int pkey_id)
@@ -183,6 +185,7 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
 	}
 	return mp;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_find);
 
 const EVP_PKEY_ASN1_METHOD *
 EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
@@ -219,6 +222,7 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
 	}
 	return NULL;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_find_str);
 
 int
 EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
@@ -234,6 +238,7 @@ EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
 
 	return 1;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_add0);
 
 int
 EVP_PKEY_asn1_add_alias(int to, int from)
@@ -251,6 +256,7 @@ EVP_PKEY_asn1_add_alias(int to, int from)
 	}
 	return 1;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_add_alias);
 
 int
 EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
@@ -271,12 +277,14 @@ EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags,
 		*ppem_str = ameth->pem_str;
 	return 1;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_get0_info);
 
 const EVP_PKEY_ASN1_METHOD*
 EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
 {
 	return pkey->ameth;
 }
+LCRYPTO_ALIAS(EVP_PKEY_get0_asn1);
 
 EVP_PKEY_ASN1_METHOD*
 EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info)
@@ -306,6 +314,7 @@ EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info)
 	EVP_PKEY_asn1_free(ameth);
 	return NULL;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_new);
 
 void
 EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src)
@@ -326,6 +335,7 @@ EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src)
 	dst->pem_str = preserve.pem_str;
 	dst->info = preserve.info;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_copy);
 
 void
 EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
@@ -336,6 +346,7 @@ EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
 		free(ameth);
 	}
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_free);
 
 void
 EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
@@ -354,6 +365,7 @@ EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
 	ameth->pkey_size = pkey_size;
 	ameth->pkey_bits = pkey_bits;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_public);
 
 void
 EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
@@ -366,6 +378,7 @@ EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
 	ameth->priv_encode = priv_encode;
 	ameth->priv_print = priv_print;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_private);
 
 void
 EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
@@ -384,6 +397,7 @@ EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
 	ameth->param_cmp = param_cmp;
 	ameth->param_print = param_print;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_param);
 
 void
 EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
@@ -391,6 +405,7 @@ EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_free = pkey_free;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_free);
 
 void
 EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
@@ -398,6 +413,7 @@ EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_ctrl = pkey_ctrl;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_ctrl);
 
 void
 EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
@@ -405,6 +421,7 @@ EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_security_bits = pkey_security_bits;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_security_bits);
 
 void
 EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
@@ -412,6 +429,7 @@ EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_check = pkey_check;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_check);
 
 void
 EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
@@ -419,6 +437,7 @@ EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_public_check = pkey_public_check;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_public_check);
 
 void
 EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
@@ -426,3 +445,4 @@ EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
 {
 	ameth->pkey_param_check = pkey_param_check;
 }
+LCRYPTO_ALIAS(EVP_PKEY_asn1_set_param_check);

lib/libcrypto/asn1/asn1_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_err.c,v 1.25 2022/08/29 06:48:58 jsing Exp $ */
+/* $OpenBSD: asn1_err.c,v 1.26 2023/07/05 21:23:36 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -211,3 +211,4 @@ ERR_load_ASN1_strings(void)
 	}
 #endif
 }
+LCRYPTO_ALIAS(ERR_load_ASN1_strings);

lib/libcrypto/asn1/asn1_gen.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_gen.c,v 1.20 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: asn1_gen.c,v 1.21 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2002.
  */
@@ -133,6 +133,7 @@ ASN1_generate_nconf(const char *str, CONF *nconf)
 	X509V3_set_nconf(&cnf, nconf);
 	return ASN1_generate_v3(str, &cnf);
 }
+LCRYPTO_ALIAS(ASN1_generate_nconf);
 
 ASN1_TYPE *
 ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
@@ -266,6 +267,7 @@ ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_generate_v3);
 
 static int
 asn1_cb(const char *elem, int len, void *bitstr)

lib/libcrypto/asn1/asn1_item.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_item.c,v 1.14 2023/06/15 13:58:56 tb Exp $ */
+/* $OpenBSD: asn1_item.c,v 1.15 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -138,6 +138,7 @@ ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 	free(str);
 	return (1);
 }
+LCRYPTO_ALIAS(ASN1_item_digest);
 
 /*
  * ASN1_ITEM version of ASN1_dup(): follows the same model except there's no
@@ -166,6 +167,7 @@ ASN1_item_dup(const ASN1_ITEM *it, void *x)
 	free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_item_dup);
 
 /* Pack an ASN1 object into an ASN1_STRING. */
 ASN1_STRING *
@@ -200,6 +202,7 @@ ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 		ASN1_STRING_free(octmp);
 	return NULL;
 }
+LCRYPTO_ALIAS(ASN1_item_pack);
 
 /* Extract an ASN1 object from an ASN1_STRING. */
 void *
@@ -213,6 +216,7 @@ ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
 		ASN1error(ASN1_R_DECODE_ERROR);
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_item_unpack);
 
 int
 ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
@@ -226,6 +230,7 @@ ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	}
 	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
 }
+LCRYPTO_ALIAS(ASN1_item_sign);
 
 int
 ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
@@ -335,6 +340,7 @@ ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_item_sign_ctx);
 
 int
 ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
@@ -420,6 +426,7 @@ ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_item_verify);
 
 #define HEADER_SIZE   8
 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
@@ -586,6 +593,7 @@ ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
 		BUF_MEM_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_item_d2i_bio);
 
 void *
 ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
@@ -602,6 +610,7 @@ ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_item_d2i_fp);
 
 int
 ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
@@ -629,6 +638,7 @@ ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
 	free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_item_i2d_bio);
 
 int
 ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
@@ -645,3 +655,4 @@ ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_item_i2d_fp);

lib/libcrypto/asn1/asn1_old.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_old.c,v 1.3 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: asn1_old.c,v 1.4 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -91,6 +91,7 @@ ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
 	free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_dup);
 
 void *
 ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
@@ -107,6 +108,7 @@ ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_d2i_fp);
 
 void *
 ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
@@ -128,6 +130,7 @@ ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
 		BUF_MEM_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_d2i_bio);
 
 int
 ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
@@ -144,6 +147,7 @@ ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_i2d_fp);
 
 int
 ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
@@ -176,5 +180,6 @@ ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
 	free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_i2d_bio);
 
 #endif

lib/libcrypto/asn1/asn1_old_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_old_lib.c,v 1.5 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: asn1_old_lib.c,v 1.6 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -118,6 +118,7 @@ ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_get_object);
 
 /* class 0 is constructed
  * constructed == 2 for indefinite length constructed */
@@ -151,6 +152,7 @@ ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
 		asn1_put_length(&p, length);
 	*pp = p;
 }
+LCRYPTO_ALIAS(ASN1_put_object);
 
 int
 ASN1_put_eoc(unsigned char **pp)
@@ -162,6 +164,7 @@ ASN1_put_eoc(unsigned char **pp)
 	*pp = p;
 	return 2;
 }
+LCRYPTO_ALIAS(ASN1_put_eoc);
 
 static void
 asn1_put_length(unsigned char **pp, int length)
@@ -210,3 +213,4 @@ ASN1_object_size(int constructed, int length, int tag)
 	}
 	return (ret);
 }
+LCRYPTO_ALIAS(ASN1_object_size);

lib/libcrypto/asn1/asn1_par.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_par.c,v 1.34 2022/02/12 03:07:24 jsing Exp $ */
+/* $OpenBSD: asn1_par.c,v 1.35 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -107,12 +107,14 @@ ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
 {
 	return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
 }
+LCRYPTO_ALIAS(ASN1_parse);
 
 int
 ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
 {
 	return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
 }
+LCRYPTO_ALIAS(ASN1_parse_dump);
 
 static int
 asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,

lib/libcrypto/asn1/asn1_types.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_types.c,v 1.2 2022/09/03 18:52:18 jsing Exp $ */
+/* $OpenBSD: asn1_types.c,v 1.3 2023/07/05 21:23:36 beck Exp $ */
 /*
  * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
  *
@@ -287,6 +287,7 @@ ASN1_tag2bit(int tag)
 
 	return 0;
 }
+LCRYPTO_ALIAS(ASN1_tag2bit);
 
 const char *
 ASN1_tag2str(int tag)
@@ -301,3 +302,4 @@ ASN1_tag2str(int tag)
 
 	return "(unknown)";
 }
+LCRYPTO_ALIAS(ASN1_tag2str);

lib/libcrypto/asn1/asn_mime.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_mime.c,v 1.31 2023/04/19 16:36:34 tb Exp $ */
+/* $OpenBSD: asn_mime.c,v 1.32 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -565,6 +565,7 @@ SMIME_crlf_copy(BIO *in, BIO *out, int flags)
 	BIO_free(bf);
 	return 1;
 }
+LCRYPTO_ALIAS(SMIME_crlf_copy);
 
 /* Strip off headers if they are text/plain */
 int
@@ -597,6 +598,7 @@ SMIME_text(BIO *in, BIO *out)
 		return 0;
 	return 1;
 }
+LCRYPTO_ALIAS(SMIME_text);
 
 /*
  * Split a multipart/XXX message body into component parts: result is

lib/libcrypto/asn1/asn_moid.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_moid.c,v 1.15 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: asn_moid.c,v 1.16 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -105,6 +105,7 @@ ASN1_add_oid_module(void)
 {
 	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
 }
+LCRYPTO_ALIAS(ASN1_add_oid_module);
 
 /* Create an OID based on a name value pair. Accept two formats.
  * shortname = 1.2.3.4

lib/libcrypto/asn1/bio_asn1.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_asn1.c,v 1.21 2023/03/25 10:45:20 tb Exp $ */
+/* $OpenBSD: bio_asn1.c,v 1.22 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -144,6 +144,7 @@ BIO_f_asn1(void)
 {
 	return (&methods_asn1);
 }
+LCRYPTO_ALIAS(BIO_f_asn1);
 
 static int
 asn1_bio_new(BIO *b)
@@ -470,21 +471,25 @@ BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free)
 {
 	return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
 }
+LCRYPTO_ALIAS(BIO_asn1_set_prefix);
 
 int
 BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, asn1_ps_func **pprefix_free)
 {
 	return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
 }
+LCRYPTO_ALIAS(BIO_asn1_get_prefix);
 
 int
 BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free)
 {
 	return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
 }
+LCRYPTO_ALIAS(BIO_asn1_set_suffix);
 
 int
 BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free)
 {
 	return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
 }
+LCRYPTO_ALIAS(BIO_asn1_get_suffix);

lib/libcrypto/asn1/p5_pbe.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbe.c,v 1.23 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: p5_pbe.c,v 1.24 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -95,24 +95,28 @@ d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len)
 	return (PBEPARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &PBEPARAM_it);
 }
+LCRYPTO_ALIAS(d2i_PBEPARAM);
 
 int
 i2d_PBEPARAM(PBEPARAM *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBEPARAM_it);
 }
+LCRYPTO_ALIAS(i2d_PBEPARAM);
 
 PBEPARAM *
 PBEPARAM_new(void)
 {
 	return (PBEPARAM *)ASN1_item_new(&PBEPARAM_it);
 }
+LCRYPTO_ALIAS(PBEPARAM_new);
 
 void
 PBEPARAM_free(PBEPARAM *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &PBEPARAM_it);
 }
+LCRYPTO_ALIAS(PBEPARAM_free);
 
 
 /* Set an algorithm identifier for a PKCS#5 PBE algorithm */
@@ -165,6 +169,7 @@ PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
 	ASN1_STRING_free(pbe_str);
 	return 0;
 }
+LCRYPTO_ALIAS(PKCS5_pbe_set0_algor);
 
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
@@ -184,3 +189,4 @@ PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
 	X509_ALGOR_free(ret);
 	return NULL;
 }
+LCRYPTO_ALIAS(PKCS5_pbe_set);

lib/libcrypto/asn1/p5_pbev2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p5_pbev2.c,v 1.28 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: p5_pbev2.c,v 1.29 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999-2004.
  */
@@ -97,24 +97,28 @@ d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len)
 	return (PBE2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &PBE2PARAM_it);
 }
+LCRYPTO_ALIAS(d2i_PBE2PARAM);
 
 int
 i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBE2PARAM_it);
 }
+LCRYPTO_ALIAS(i2d_PBE2PARAM);
 
 PBE2PARAM *
 PBE2PARAM_new(void)
 {
 	return (PBE2PARAM *)ASN1_item_new(&PBE2PARAM_it);
 }
+LCRYPTO_ALIAS(PBE2PARAM_new);
 
 void
 PBE2PARAM_free(PBE2PARAM *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it);
 }
+LCRYPTO_ALIAS(PBE2PARAM_free);
 
 static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = {
 	{
@@ -157,24 +161,28 @@ d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len)
 	return (PBKDF2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &PBKDF2PARAM_it);
 }
+LCRYPTO_ALIAS(d2i_PBKDF2PARAM);
 
 int
 i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBKDF2PARAM_it);
 }
+LCRYPTO_ALIAS(i2d_PBKDF2PARAM);
 
 PBKDF2PARAM *
 PBKDF2PARAM_new(void)
 {
 	return (PBKDF2PARAM *)ASN1_item_new(&PBKDF2PARAM_it);
 }
+LCRYPTO_ALIAS(PBKDF2PARAM_new);
 
 void
 PBKDF2PARAM_free(PBKDF2PARAM *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
 }
+LCRYPTO_ALIAS(PBKDF2PARAM_free);
 
 /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
  * yes I know this is horrible!
@@ -285,6 +293,7 @@ PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 
 	return NULL;
 }
+LCRYPTO_ALIAS(PKCS5_pbe2_set_iv);
 
 X509_ALGOR *
 PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
@@ -292,6 +301,7 @@ PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
 {
 	return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
 }
+LCRYPTO_ALIAS(PKCS5_pbe2_set);
 
 X509_ALGOR *
 PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
@@ -372,3 +382,4 @@ PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
 	X509_ALGOR_free(keyfunc);
 	return NULL;
 }
+LCRYPTO_ALIAS(PKCS5_pbkdf2_set);

lib/libcrypto/asn1/p8_pkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: p8_pkey.c,v 1.21 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: p8_pkey.c,v 1.22 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -121,24 +121,28 @@ d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsigned char **in, long
 	return (PKCS8_PRIV_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &PKCS8_PRIV_KEY_INFO_it);
 }
+LCRYPTO_ALIAS(d2i_PKCS8_PRIV_KEY_INFO);
 
 int
 i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS8_PRIV_KEY_INFO_it);
 }
+LCRYPTO_ALIAS(i2d_PKCS8_PRIV_KEY_INFO);
 
 PKCS8_PRIV_KEY_INFO *
 PKCS8_PRIV_KEY_INFO_new(void)
 {
 	return (PKCS8_PRIV_KEY_INFO *)ASN1_item_new(&PKCS8_PRIV_KEY_INFO_it);
 }
+LCRYPTO_ALIAS(PKCS8_PRIV_KEY_INFO_new);
 
 void
 PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &PKCS8_PRIV_KEY_INFO_it);
 }
+LCRYPTO_ALIAS(PKCS8_PRIV_KEY_INFO_free);
 
 int
 PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
@@ -154,6 +158,7 @@ PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
 		ASN1_STRING_set0(priv->pkey, penc, penclen);
 	return 1;
 }
+LCRYPTO_ALIAS(PKCS8_pkey_set0);
 
 int
 PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk,
@@ -169,12 +174,14 @@ PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk,
 		*pa = p8->pkeyalg;
 	return 1;
 }
+LCRYPTO_ALIAS(PKCS8_pkey_get0);
 
 const STACK_OF(X509_ATTRIBUTE) *
 PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
 {
 	return p8->attributes;
 }
+LCRYPTO_ALIAS(PKCS8_pkey_get0_attrs);
 
 int
 PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
@@ -185,4 +192,4 @@ PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
 		return 1;
 	return 0;
 }
-
+LCRYPTO_ALIAS(PKCS8_pkey_add1_attr_by_NID);

lib/libcrypto/asn1/t_crl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_crl.c,v 1.21 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: t_crl.c,v 1.22 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -83,6 +83,7 @@ X509_CRL_print_fp(FILE *fp, X509_CRL *x)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(X509_CRL_print_fp);
 
 int
 X509_CRL_print(BIO *out, X509_CRL *x)
@@ -143,3 +144,4 @@ X509_CRL_print(BIO *out, X509_CRL *x)
  err:
 	return 0;
 }
+LCRYPTO_ALIAS(X509_CRL_print);

lib/libcrypto/asn1/t_pkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_pkey.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: t_pkey.c,v 1.20 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -114,6 +114,7 @@ ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
 	}
 	return (1);
 }
+LCRYPTO_ALIAS(ASN1_bn_print);
 
 #define ASN1_BUF_PRINT_WIDTH		15
 #define ASN1_BUF_PRINT_MAX_INDENT	64
@@ -143,3 +144,4 @@ ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
 
 	return 1;
 }
+LCRYPTO_ALIAS(ASN1_buf_print);

lib/libcrypto/asn1/t_req.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_req.c,v 1.24 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: t_req.c,v 1.25 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -91,6 +91,7 @@ X509_REQ_print_fp(FILE *fp, X509_REQ *x)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(X509_REQ_print_fp);
 
 int
 X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
@@ -254,9 +255,11 @@ X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 	X509error(ERR_R_BUF_LIB);
 	return (0);
 }
+LCRYPTO_ALIAS(X509_REQ_print_ex);
 
 int
 X509_REQ_print(BIO *bp, X509_REQ *x)
 {
 	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
 }
+LCRYPTO_ALIAS(X509_REQ_print);

lib/libcrypto/asn1/t_spki.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_spki.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: t_spki.c,v 1.15 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -113,3 +113,4 @@ NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 	BIO_write(out, "\n", 1);
 	return 1;
 }
+LCRYPTO_ALIAS(NETSCAPE_SPKI_print);

lib/libcrypto/asn1/t_x509.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509.c,v 1.41 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: t_x509.c,v 1.42 2023/07/05 21:23:36 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -85,6 +85,7 @@ X509_print_fp(FILE *fp, X509 *x)
 {
 	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
 }
+LCRYPTO_ALIAS(X509_print_fp);
 
 int
 X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
@@ -101,12 +102,14 @@ X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
 	BIO_free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(X509_print_ex_fp);
 
 int
 X509_print(BIO *bp, X509 *x)
 {
 	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
 }
+LCRYPTO_ALIAS(X509_print);
 
 int
 X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
@@ -250,6 +253,7 @@ X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	free(m);
 	return (ret);
 }
+LCRYPTO_ALIAS(X509_print_ex);
 
 int
 X509_ocspid_print(BIO *bp, X509 *x)
@@ -301,6 +305,7 @@ X509_ocspid_print(BIO *bp, X509 *x)
 	free(der);
 	return (0);
 }
+LCRYPTO_ALIAS(X509_ocspid_print);
 
 int
 X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
@@ -326,6 +331,7 @@ X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
 
 	return 1;
 }
+LCRYPTO_ALIAS(X509_signature_dump);
 
 int
 X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig)
@@ -352,6 +358,7 @@ X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig)
 		return 0;
 	return 1;
 }
+LCRYPTO_ALIAS(X509_signature_print);
 
 int
 ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
@@ -363,6 +370,7 @@ ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
 	BIO_write(bp, "Bad time value", 14);
 	return (0);
 }
+LCRYPTO_ALIAS(ASN1_TIME_print);
 
 static const char *mon[12] = {
 	"Jan", "Feb", "Mar", "Apr", "May", "Jun",
@@ -422,6 +430,7 @@ ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
 	BIO_write(bp, "Bad time value", 14);
 	return (0);
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_print);
 
 int
 ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
@@ -465,6 +474,7 @@ ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
 	BIO_write(bp, "Bad time value", 14);
 	return (0);
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_print);
 
 int
 X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
@@ -510,3 +520,4 @@ X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
 	free(b);
 	return (ret);
 }
+LCRYPTO_ALIAS(X509_NAME_print);

lib/libcrypto/asn1/t_x509a.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: t_x509a.c,v 1.11 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: t_x509a.c,v 1.12 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -117,3 +117,4 @@ X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 	}
 	return 1;
 }
+LCRYPTO_ALIAS(X509_CERT_AUX_print);

lib/libcrypto/asn1/tasn_dec.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.86 2023/04/30 16:46:49 job Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.87 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -1237,6 +1237,7 @@ ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
 
 	return *pval;
 }
+LCRYPTO_ALIAS(ASN1_item_d2i);
 
 int
 ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
@@ -1256,6 +1257,7 @@ ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_item_ex_d2i);
 
 int
 ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
@@ -1273,3 +1275,4 @@ ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
 
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_template_d2i);

lib/libcrypto/asn1/tasn_enc.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_enc.c,v 1.31 2023/04/30 16:46:49 job Exp $ */
+/* $OpenBSD: tasn_enc.c,v 1.32 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -92,6 +92,7 @@ ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
 {
 	return asn1_item_flags_i2d(val, out, it, 0);
 }
+LCRYPTO_ALIAS(ASN1_item_i2d);
 
 /* Encode an ASN1 item, this is use by the
  * standard 'i2d' function. 'out' points to
@@ -268,6 +269,7 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
 	}
 	return 0;
 }
+LCRYPTO_ALIAS(ASN1_item_ex_i2d);
 
 int
 ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
@@ -275,6 +277,7 @@ ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
 {
 	return asn1_template_ex_i2d(pval, out, tt, -1, 0);
 }
+LCRYPTO_ALIAS(ASN1_template_i2d);
 
 static int
 asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,

lib/libcrypto/asn1/tasn_fre.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_fre.c,v 1.21 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: tasn_fre.c,v 1.22 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -73,12 +73,14 @@ ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
 {
 	asn1_item_free(&val, it);
 }
+LCRYPTO_ALIAS(ASN1_item_free);
 
 void
 ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	asn1_item_free(pval, it);
 }
+LCRYPTO_ALIAS(ASN1_item_ex_free);
 
 static void
 asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -183,6 +185,7 @@ ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
 	} else
 		asn1_item_free(pval, tt->item);
 }
+LCRYPTO_ALIAS(ASN1_template_free);
 
 void
 ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -239,3 +242,4 @@ ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 	}
 	*pval = NULL;
 }
+LCRYPTO_ALIAS(ASN1_primitive_free);

lib/libcrypto/asn1/tasn_new.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_new.c,v 1.23 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: tasn_new.c,v 1.24 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -79,6 +79,7 @@ ASN1_item_new(const ASN1_ITEM *it)
 		return ret;
 	return NULL;
 }
+LCRYPTO_ALIAS(ASN1_item_new);
 
 /* Allocate an ASN1 structure */
 
@@ -87,6 +88,7 @@ ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
 	return asn1_item_ex_new(pval, it);
 }
+LCRYPTO_ALIAS(ASN1_item_ex_new);
 
 static int
 asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
@@ -246,6 +248,7 @@ ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
  done:
 	return ret;
 }
+LCRYPTO_ALIAS(ASN1_template_new);
 
 static void
 asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
@@ -315,6 +318,7 @@ ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 		return 1;
 	return 0;
 }
+LCRYPTO_ALIAS(ASN1_primitive_new);
 
 static void
 asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)

lib/libcrypto/asn1/tasn_prn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_prn.c,v 1.24 2023/04/17 08:43:16 tb Exp $ */
+/* $OpenBSD: tasn_prn.c,v 1.25 2023/07/05 21:23:36 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -88,72 +88,84 @@ ASN1_PCTX_new(void)
 
 	return p;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_new);
 
 void
 ASN1_PCTX_free(ASN1_PCTX *p)
 {
 	free(p);
 }
+LCRYPTO_ALIAS(ASN1_PCTX_free);
 
 unsigned long
 ASN1_PCTX_get_flags(const ASN1_PCTX *p)
 {
 	return p->flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_get_flags);
 
 void
 ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
 {
 	p->flags = flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_set_flags);
 
 unsigned long
 ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p)
 {
 	return p->nm_flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_get_nm_flags);
 
 void
 ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
 {
 	p->nm_flags = flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_set_nm_flags);
 
 unsigned long
 ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p)
 {
 	return p->cert_flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_get_cert_flags);
 
 void
 ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
 {
 	p->cert_flags = flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_set_cert_flags);
 
 unsigned long
 ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p)
 {
 	return p->oid_flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_get_oid_flags);
 
 void
 ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
 {
 	p->oid_flags = flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_set_oid_flags);
 
 unsigned long
 ASN1_PCTX_get_str_flags(const ASN1_PCTX *p)
 {
 	return p->str_flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_get_str_flags);
 
 void
 ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
 {
 	p->str_flags = flags;
 }
+LCRYPTO_ALIAS(ASN1_PCTX_set_str_flags);
 
 /* Main print routines */
 
@@ -186,6 +198,7 @@ ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, const ASN1_ITEM *it,
 	return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname,
 	    0, pctx);
 }
+LCRYPTO_ALIAS(ASN1_item_print);
 
 static int
 asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, const ASN1_ITEM *it,

lib/libcrypto/asn1/tasn_typ.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_typ.c,v 1.17 2021/12/26 15:20:21 tb Exp $ */
+/* $OpenBSD: tasn_typ.c,v 1.18 2023/07/05 21:23:37 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -73,24 +73,28 @@ d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len)
 	return (ASN1_NULL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_NULL_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_NULL);
 
 int
 i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_NULL_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_NULL);
 
 ASN1_NULL *
 ASN1_NULL_new(void)
 {
 	return (ASN1_NULL *)ASN1_item_new(&ASN1_NULL_it);
 }
+LCRYPTO_ALIAS(ASN1_NULL_new);
 
 void
 ASN1_NULL_free(ASN1_NULL *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_NULL_it);
 }
+LCRYPTO_ALIAS(ASN1_NULL_free);
 
 
 const ASN1_ITEM ASN1_UTF8STRING_it = {
@@ -105,24 +109,28 @@ d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len)
 	return (ASN1_UTF8STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_UTF8STRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_UTF8STRING);
 
 int
 i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UTF8STRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_UTF8STRING);
 
 ASN1_UTF8STRING *
 ASN1_UTF8STRING_new(void)
 {
 	return (ASN1_UTF8STRING *)ASN1_item_new(&ASN1_UTF8STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_UTF8STRING_new);
 
 void
 ASN1_UTF8STRING_free(ASN1_UTF8STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_UTF8STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_UTF8STRING_free);
 
 
 const ASN1_ITEM ASN1_PRINTABLESTRING_it = {
@@ -138,24 +146,28 @@ d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in,
 	return (ASN1_PRINTABLESTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_PRINTABLESTRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_PRINTABLESTRING);
 
 int
 i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_PRINTABLESTRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_PRINTABLESTRING);
 
 ASN1_PRINTABLESTRING *
 ASN1_PRINTABLESTRING_new(void)
 {
 	return (ASN1_PRINTABLESTRING *)ASN1_item_new(&ASN1_PRINTABLESTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_PRINTABLESTRING_new);
 
 void
 ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_PRINTABLESTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_PRINTABLESTRING_free);
 
 
 const ASN1_ITEM ASN1_T61STRING_it = {
@@ -170,24 +182,28 @@ d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len)
 	return (ASN1_T61STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_T61STRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_T61STRING);
 
 int
 i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_T61STRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_T61STRING);
 
 ASN1_T61STRING *
 ASN1_T61STRING_new(void)
 {
 	return (ASN1_T61STRING *)ASN1_item_new(&ASN1_T61STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_T61STRING_new);
 
 void
 ASN1_T61STRING_free(ASN1_T61STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_T61STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_T61STRING_free);
 
 
 const ASN1_ITEM ASN1_IA5STRING_it = {
@@ -202,24 +218,28 @@ d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len)
 	return (ASN1_IA5STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_IA5STRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_IA5STRING);
 
 int
 i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_IA5STRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_IA5STRING);
 
 ASN1_IA5STRING *
 ASN1_IA5STRING_new(void)
 {
 	return (ASN1_IA5STRING *)ASN1_item_new(&ASN1_IA5STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_IA5STRING_new);
 
 void
 ASN1_IA5STRING_free(ASN1_IA5STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_IA5STRING_it);
 }
+LCRYPTO_ALIAS(ASN1_IA5STRING_free);
 
 
 const ASN1_ITEM ASN1_GENERALSTRING_it = {
@@ -235,24 +255,28 @@ d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in,
 	return (ASN1_GENERALSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_GENERALSTRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_GENERALSTRING);
 
 int
 i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_GENERALSTRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_GENERALSTRING);
 
 ASN1_GENERALSTRING *
 ASN1_GENERALSTRING_new(void)
 {
 	return (ASN1_GENERALSTRING *)ASN1_item_new(&ASN1_GENERALSTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_GENERALSTRING_new);
 
 void
 ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_GENERALSTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_GENERALSTRING_free);
 
 
 const ASN1_ITEM ASN1_UTCTIME_it = {
@@ -267,24 +291,28 @@ d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len)
 	return (ASN1_UTCTIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_UTCTIME_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_UTCTIME);
 
 int
 i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UTCTIME_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_UTCTIME);
 
 ASN1_UTCTIME *
 ASN1_UTCTIME_new(void)
 {
 	return (ASN1_UTCTIME *)ASN1_item_new(&ASN1_UTCTIME_it);
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_new);
 
 void
 ASN1_UTCTIME_free(ASN1_UTCTIME *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_UTCTIME_it);
 }
+LCRYPTO_ALIAS(ASN1_UTCTIME_free);
 
 
 const ASN1_ITEM ASN1_GENERALIZEDTIME_it = {
@@ -300,24 +328,28 @@ d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in,
 	return (ASN1_GENERALIZEDTIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_GENERALIZEDTIME_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_GENERALIZEDTIME);
 
 int
 i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_GENERALIZEDTIME_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_GENERALIZEDTIME);
 
 ASN1_GENERALIZEDTIME *
 ASN1_GENERALIZEDTIME_new(void)
 {
 	return (ASN1_GENERALIZEDTIME *)ASN1_item_new(&ASN1_GENERALIZEDTIME_it);
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_new);
 
 void
 ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_GENERALIZEDTIME_it);
 }
+LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_free);
 
 
 const ASN1_ITEM ASN1_VISIBLESTRING_it = {
@@ -333,24 +365,28 @@ d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in,
 	return (ASN1_VISIBLESTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_VISIBLESTRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_VISIBLESTRING);
 
 int
 i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_VISIBLESTRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_VISIBLESTRING);
 
 ASN1_VISIBLESTRING *
 ASN1_VISIBLESTRING_new(void)
 {
 	return (ASN1_VISIBLESTRING *)ASN1_item_new(&ASN1_VISIBLESTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_VISIBLESTRING_new);
 
 void
 ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_VISIBLESTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_VISIBLESTRING_free);
 
 
 const ASN1_ITEM ASN1_UNIVERSALSTRING_it = {
@@ -366,24 +402,28 @@ d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in,
 	return (ASN1_UNIVERSALSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_UNIVERSALSTRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_UNIVERSALSTRING);
 
 int
 i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UNIVERSALSTRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_UNIVERSALSTRING);
 
 ASN1_UNIVERSALSTRING *
 ASN1_UNIVERSALSTRING_new(void)
 {
 	return (ASN1_UNIVERSALSTRING *)ASN1_item_new(&ASN1_UNIVERSALSTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_new);
 
 void
 ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_UNIVERSALSTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_free);
 
 
 const ASN1_ITEM ASN1_BMPSTRING_it = {
@@ -398,24 +438,28 @@ d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len)
 	return (ASN1_BMPSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_BMPSTRING_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_BMPSTRING);
 
 int
 i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BMPSTRING_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_BMPSTRING);
 
 ASN1_BMPSTRING *
 ASN1_BMPSTRING_new(void)
 {
 	return (ASN1_BMPSTRING *)ASN1_item_new(&ASN1_BMPSTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_BMPSTRING_new);
 
 void
 ASN1_BMPSTRING_free(ASN1_BMPSTRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_BMPSTRING_it);
 }
+LCRYPTO_ALIAS(ASN1_BMPSTRING_free);
 
 const ASN1_ITEM ASN1_ANY_it = {
 	.itype = ASN1_ITYPE_PRIMITIVE,
@@ -452,24 +496,28 @@ d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len)
 	return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_PRINTABLE_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_PRINTABLE);
 
 int
 i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_PRINTABLE_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_PRINTABLE);
 
 ASN1_STRING *
 ASN1_PRINTABLE_new(void)
 {
 	return (ASN1_STRING *)ASN1_item_new(&ASN1_PRINTABLE_it);
 }
+LCRYPTO_ALIAS(ASN1_PRINTABLE_new);
 
 void
 ASN1_PRINTABLE_free(ASN1_STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &ASN1_PRINTABLE_it);
 }
+LCRYPTO_ALIAS(ASN1_PRINTABLE_free);
 
 
 const ASN1_ITEM DISPLAYTEXT_it = {
@@ -488,24 +536,28 @@ d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len)
 	return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &DISPLAYTEXT_it);
 }
+LCRYPTO_ALIAS(d2i_DISPLAYTEXT);
 
 int
 i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DISPLAYTEXT_it);
 }
+LCRYPTO_ALIAS(i2d_DISPLAYTEXT);
 
 ASN1_STRING *
 DISPLAYTEXT_new(void)
 {
 	return (ASN1_STRING *)ASN1_item_new(&DISPLAYTEXT_it);
 }
+LCRYPTO_ALIAS(DISPLAYTEXT_new);
 
 void
 DISPLAYTEXT_free(ASN1_STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &DISPLAYTEXT_it);
 }
+LCRYPTO_ALIAS(DISPLAYTEXT_free);
 
 
 const ASN1_ITEM DIRECTORYSTRING_it = {
@@ -524,24 +576,28 @@ d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len)
 	return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &DIRECTORYSTRING_it);
 }
+LCRYPTO_ALIAS(d2i_DIRECTORYSTRING);
 
 int
 i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIRECTORYSTRING_it);
 }
+LCRYPTO_ALIAS(i2d_DIRECTORYSTRING);
 
 ASN1_STRING *
 DIRECTORYSTRING_new(void)
 {
 	return (ASN1_STRING *)ASN1_item_new(&DIRECTORYSTRING_it);
 }
+LCRYPTO_ALIAS(DIRECTORYSTRING_new);
 
 void
 DIRECTORYSTRING_free(ASN1_STRING *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &DIRECTORYSTRING_it);
 }
+LCRYPTO_ALIAS(DIRECTORYSTRING_free);
 
 /* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
 
@@ -640,12 +696,14 @@ d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len)
 	return (ASN1_SEQUENCE_ANY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_SEQUENCE_ANY_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_SEQUENCE_ANY);
 
 int
 i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_SEQUENCE_ANY_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_SEQUENCE_ANY);
 
 ASN1_SEQUENCE_ANY *
 d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len)
@@ -653,9 +711,11 @@ d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len)
 	return (ASN1_SEQUENCE_ANY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &ASN1_SET_ANY_it);
 }
+LCRYPTO_ALIAS(d2i_ASN1_SET_ANY);
 
 int
 i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_SET_ANY_it);
 }
+LCRYPTO_ALIAS(i2d_ASN1_SET_ANY);

lib/libcrypto/asn1/x_algor.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_algor.c,v 1.23 2021/12/12 14:27:20 tb Exp $ */
+/* $OpenBSD: x_algor.c,v 1.24 2023/07/05 21:23:37 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -109,24 +109,28 @@ d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len)
 	return (X509_ALGOR *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_ALGOR_it);
 }
+LCRYPTO_ALIAS(d2i_X509_ALGOR);
 
 int
 i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ALGOR_it);
 }
+LCRYPTO_ALIAS(i2d_X509_ALGOR);
 
 X509_ALGOR *
 X509_ALGOR_new(void)
 {
 	return (X509_ALGOR *)ASN1_item_new(&X509_ALGOR_it);
 }
+LCRYPTO_ALIAS(X509_ALGOR_new);
 
 void
 X509_ALGOR_free(X509_ALGOR *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_ALGOR_it);
 }
+LCRYPTO_ALIAS(X509_ALGOR_free);
 
 X509_ALGORS *
 d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len)
@@ -134,18 +138,21 @@ d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len)
 	return (X509_ALGORS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_ALGORS_it);
 }
+LCRYPTO_ALIAS(d2i_X509_ALGORS);
 
 int
 i2d_X509_ALGORS(X509_ALGORS *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ALGORS_it);
 }
+LCRYPTO_ALIAS(i2d_X509_ALGORS);
 
 X509_ALGOR *
 X509_ALGOR_dup(X509_ALGOR *x)
 {
 	return ASN1_item_dup(&X509_ALGOR_it, x);
 }
+LCRYPTO_ALIAS(X509_ALGOR_dup);
 
 int
 X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
@@ -174,6 +181,7 @@ X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 		ASN1_TYPE_set(alg->parameter, ptype, pval);
 	return 1;
 }
+LCRYPTO_ALIAS(X509_ALGOR_set0);
 
 void
 X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval,
@@ -191,6 +199,7 @@ X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval,
 			*ppval = algor->parameter->value.ptr;
 	}
 }
+LCRYPTO_ALIAS(X509_ALGOR_get0);
 
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
 
@@ -204,6 +213,7 @@ X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 
 	X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 }
+LCRYPTO_ALIAS(X509_ALGOR_set_md);
 
 /* Returns 0 if they are equal, != 0 otherwise. */
 int
@@ -218,3 +228,4 @@ X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
 	}
 	return(rv);
 }
+LCRYPTO_ALIAS(X509_ALGOR_cmp);

lib/libcrypto/asn1/x_attrib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_attrib.c,v 1.18 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_attrib.c,v 1.19 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -111,30 +111,35 @@ d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len)
 	return (X509_ATTRIBUTE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_ATTRIBUTE_it);
 }
+LCRYPTO_ALIAS(d2i_X509_ATTRIBUTE);
 
 int
 i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ATTRIBUTE_it);
 }
+LCRYPTO_ALIAS(i2d_X509_ATTRIBUTE);
 
 X509_ATTRIBUTE *
 X509_ATTRIBUTE_new(void)
 {
 	return (X509_ATTRIBUTE *)ASN1_item_new(&X509_ATTRIBUTE_it);
 }
+LCRYPTO_ALIAS(X509_ATTRIBUTE_new);
 
 void
 X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_ATTRIBUTE_it);
 }
+LCRYPTO_ALIAS(X509_ATTRIBUTE_free);
 
 X509_ATTRIBUTE *
 X509_ATTRIBUTE_dup(X509_ATTRIBUTE *x)
 {
 	return ASN1_item_dup(&X509_ATTRIBUTE_it, x);
 }
+LCRYPTO_ALIAS(X509_ATTRIBUTE_dup);
 
 X509_ATTRIBUTE *
 X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
@@ -163,3 +168,4 @@ X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 		ASN1_TYPE_free(val);
 	return (NULL);
 }
+LCRYPTO_ALIAS(X509_ATTRIBUTE_create);

lib/libcrypto/asn1/x_crl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_crl.c,v 1.39 2022/12/26 16:00:36 tb Exp $ */
+/* $OpenBSD: x_crl.c,v 1.40 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -442,30 +442,35 @@ d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len)
 	return (X509_REVOKED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_REVOKED_it);
 }
+LCRYPTO_ALIAS(d2i_X509_REVOKED);
 
 int
 i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REVOKED_it);
 }
+LCRYPTO_ALIAS(i2d_X509_REVOKED);
 
 X509_REVOKED *
 X509_REVOKED_new(void)
 {
 	return (X509_REVOKED *)ASN1_item_new(&X509_REVOKED_it);
 }
+LCRYPTO_ALIAS(X509_REVOKED_new);
 
 void
 X509_REVOKED_free(X509_REVOKED *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_REVOKED_it);
 }
+LCRYPTO_ALIAS(X509_REVOKED_free);
 
 X509_REVOKED *
 X509_REVOKED_dup(X509_REVOKED *a)
 {
 	return ASN1_item_dup(&X509_REVOKED_it, a);
 }
+LCRYPTO_ALIAS(X509_REVOKED_dup);
 
 X509_CRL_INFO *
 d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len)
@@ -473,24 +478,28 @@ d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len)
 	return (X509_CRL_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_CRL_INFO_it);
 }
+LCRYPTO_ALIAS(d2i_X509_CRL_INFO);
 
 int
 i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_INFO_it);
 }
+LCRYPTO_ALIAS(i2d_X509_CRL_INFO);
 
 X509_CRL_INFO *
 X509_CRL_INFO_new(void)
 {
 	return (X509_CRL_INFO *)ASN1_item_new(&X509_CRL_INFO_it);
 }
+LCRYPTO_ALIAS(X509_CRL_INFO_new);
 
 void
 X509_CRL_INFO_free(X509_CRL_INFO *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_INFO_it);
 }
+LCRYPTO_ALIAS(X509_CRL_INFO_free);
 
 X509_CRL *
 d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len)
@@ -498,30 +507,35 @@ d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len)
 	return (X509_CRL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_CRL_it);
 }
+LCRYPTO_ALIAS(d2i_X509_CRL);
 
 int
 i2d_X509_CRL(X509_CRL *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_it);
 }
+LCRYPTO_ALIAS(i2d_X509_CRL);
 
 X509_CRL *
 X509_CRL_new(void)
 {
 	return (X509_CRL *)ASN1_item_new(&X509_CRL_it);
 }
+LCRYPTO_ALIAS(X509_CRL_new);
 
 void
 X509_CRL_free(X509_CRL *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_it);
 }
+LCRYPTO_ALIAS(X509_CRL_free);
 
 X509_CRL *
 X509_CRL_dup(X509_CRL *x)
 {
 	return ASN1_item_dup(&X509_CRL_it, x);
 }
+LCRYPTO_ALIAS(X509_CRL_dup);
 
 static int
 X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
@@ -544,6 +558,7 @@ X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 	inf->enc.modified = 1;
 	return 1;
 }
+LCRYPTO_ALIAS(X509_CRL_add0_revoked);
 
 int
 X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
@@ -552,6 +567,7 @@ X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
 		return crl->meth->crl_verify(crl, r);
 	return 0;
 }
+LCRYPTO_ALIAS(X509_CRL_verify);
 
 int
 X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
@@ -561,6 +577,7 @@ X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
 		return crl->meth->crl_lookup(crl, ret, serial, NULL);
 	return 0;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_by_serial);
 
 int
 X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
@@ -570,6 +587,7 @@ X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 		    X509_get_serialNumber(x), X509_get_issuer_name(x));
 	return 0;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_by_cert);
 
 static int
 def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
@@ -648,6 +666,7 @@ X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
 	else
 		default_crl_method = meth;
 }
+LCRYPTO_ALIAS(X509_CRL_set_default_method);
 
 X509_CRL_METHOD *
 X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
@@ -669,6 +688,7 @@ X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
 
 	return m;
 }
+LCRYPTO_ALIAS(X509_CRL_METHOD_new);
 
 void
 X509_CRL_METHOD_free(X509_CRL_METHOD *m)
@@ -679,72 +699,84 @@ X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 		return;
 	free(m);
 }
+LCRYPTO_ALIAS(X509_CRL_METHOD_free);
 
 void
 X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
 {
 	crl->meth_data = dat;
 }
+LCRYPTO_ALIAS(X509_CRL_set_meth_data);
 
 void *
 X509_CRL_get_meth_data(X509_CRL *crl)
 {
 	return crl->meth_data;
 }
+LCRYPTO_ALIAS(X509_CRL_get_meth_data);
 
 int
 X509_CRL_get_signature_nid(const X509_CRL *crl)
 {
 	return OBJ_obj2nid(crl->sig_alg->algorithm);
 }
+LCRYPTO_ALIAS(X509_CRL_get_signature_nid);
 
 const STACK_OF(X509_EXTENSION) *
 X509_CRL_get0_extensions(const X509_CRL *crl)
 {
 	return crl->crl->extensions;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_extensions);
 
 long
 X509_CRL_get_version(const X509_CRL *crl)
 {
 	return ASN1_INTEGER_get(crl->crl->version);
 }
+LCRYPTO_ALIAS(X509_CRL_get_version);
 
 const ASN1_TIME *
 X509_CRL_get0_lastUpdate(const X509_CRL *crl)
 {
 	return crl->crl->lastUpdate;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_lastUpdate);
 
 ASN1_TIME *
 X509_CRL_get_lastUpdate(X509_CRL *crl)
 {
 	return crl->crl->lastUpdate;
 }
+LCRYPTO_ALIAS(X509_CRL_get_lastUpdate);
 
 const ASN1_TIME *
 X509_CRL_get0_nextUpdate(const X509_CRL *crl)
 {
 	return crl->crl->nextUpdate;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_nextUpdate);
 
 ASN1_TIME *
 X509_CRL_get_nextUpdate(X509_CRL *crl)
 {
 	return crl->crl->nextUpdate;
 }
+LCRYPTO_ALIAS(X509_CRL_get_nextUpdate);
 
 X509_NAME *
 X509_CRL_get_issuer(const X509_CRL *crl)
 {
 	return crl->crl->issuer;
 }
+LCRYPTO_ALIAS(X509_CRL_get_issuer);
 
 STACK_OF(X509_REVOKED) *
 X509_CRL_get_REVOKED(X509_CRL *crl)
 {
 	return crl->crl->revoked;
 }
+LCRYPTO_ALIAS(X509_CRL_get_REVOKED);
 
 void
 X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
@@ -755,9 +787,11 @@ X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
 	if (palg != NULL)
 		*palg = crl->sig_alg;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_signature);
 
 const X509_ALGOR *
 X509_CRL_get0_tbs_sigalg(const X509_CRL *crl)
 {
 	return crl->crl->sig_alg;
 }
+LCRYPTO_ALIAS(X509_CRL_get0_tbs_sigalg);

lib/libcrypto/asn1/x_exten.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_exten.c,v 1.18 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_exten.c,v 1.19 2023/07/05 21:23:37 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -116,24 +116,28 @@ d2i_X509_EXTENSION(X509_EXTENSION **a, const unsigned char **in, long len)
 	return (X509_EXTENSION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_EXTENSION_it);
 }
+LCRYPTO_ALIAS(d2i_X509_EXTENSION);
 
 int
 i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSION_it);
 }
+LCRYPTO_ALIAS(i2d_X509_EXTENSION);
 
 X509_EXTENSION *
 X509_EXTENSION_new(void)
 {
 	return (X509_EXTENSION *)ASN1_item_new(&X509_EXTENSION_it);
 }
+LCRYPTO_ALIAS(X509_EXTENSION_new);
 
 void
 X509_EXTENSION_free(X509_EXTENSION *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_EXTENSION_it);
 }
+LCRYPTO_ALIAS(X509_EXTENSION_free);
 
 X509_EXTENSIONS *
 d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len)
@@ -141,15 +145,18 @@ d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len)
 	return (X509_EXTENSIONS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_EXTENSIONS_it);
 }
+LCRYPTO_ALIAS(d2i_X509_EXTENSIONS);
 
 int
 i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSIONS_it);
 }
+LCRYPTO_ALIAS(i2d_X509_EXTENSIONS);
 
 X509_EXTENSION *
 X509_EXTENSION_dup(X509_EXTENSION *x)
 {
 	return ASN1_item_dup(&X509_EXTENSION_it, x);
 }
+LCRYPTO_ALIAS(X509_EXTENSION_dup);

lib/libcrypto/asn1/x_info.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_info.c,v 1.18 2020/09/03 17:29:05 tb Exp $ */
+/* $OpenBSD: x_info.c,v 1.19 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,6 +75,7 @@ X509_INFO_new(void)
 
 	return ret;
 }
+LCRYPTO_ALIAS(X509_INFO_new);
 
 void
 X509_INFO_free(X509_INFO *x)
@@ -92,3 +93,4 @@ X509_INFO_free(X509_INFO *x)
 
 	free(x);
 }
+LCRYPTO_ALIAS(X509_INFO_free);

lib/libcrypto/asn1/x_name.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_name.c,v 1.38 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_name.c,v 1.39 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -117,30 +117,35 @@ d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, const unsigned char **in, long len)
 	return (X509_NAME_ENTRY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_NAME_ENTRY_it);
 }
+LCRYPTO_ALIAS(d2i_X509_NAME_ENTRY);
 
 int
 i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_NAME_ENTRY_it);
 }
+LCRYPTO_ALIAS(i2d_X509_NAME_ENTRY);
 
 X509_NAME_ENTRY *
 X509_NAME_ENTRY_new(void)
 {
 	return (X509_NAME_ENTRY *)ASN1_item_new(&X509_NAME_ENTRY_it);
 }
+LCRYPTO_ALIAS(X509_NAME_ENTRY_new);
 
 void
 X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_ENTRY_it);
 }
+LCRYPTO_ALIAS(X509_NAME_ENTRY_free);
 
 X509_NAME_ENTRY *
 X509_NAME_ENTRY_dup(X509_NAME_ENTRY *x)
 {
 	return ASN1_item_dup(&X509_NAME_ENTRY_it, x);
 }
+LCRYPTO_ALIAS(X509_NAME_ENTRY_dup);
 
 /* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
  * so declare two template wrappers for this
@@ -214,30 +219,35 @@ d2i_X509_NAME(X509_NAME **a, const unsigned char **in, long len)
 	return (X509_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_NAME_it);
 }
+LCRYPTO_ALIAS(d2i_X509_NAME);
 
 int
 i2d_X509_NAME(X509_NAME *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_NAME_it);
 }
+LCRYPTO_ALIAS(i2d_X509_NAME);
 
 X509_NAME *
 X509_NAME_new(void)
 {
 	return (X509_NAME *)ASN1_item_new(&X509_NAME_it);
 }
+LCRYPTO_ALIAS(X509_NAME_new);
 
 void
 X509_NAME_free(X509_NAME *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_it);
 }
+LCRYPTO_ALIAS(X509_NAME_free);
 
 X509_NAME *
 X509_NAME_dup(X509_NAME *x)
 {
 	return ASN1_item_dup(&X509_NAME_it, x);
 }
+LCRYPTO_ALIAS(X509_NAME_dup);
 
 static int
 x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
@@ -635,6 +645,7 @@ X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	*xn = name;
 	return 1;
 }
+LCRYPTO_ALIAS(X509_NAME_set);
 
 int
 X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen)
@@ -648,3 +659,4 @@ X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen)
 		*pderlen = nm->bytes->length;
 	return 1;
 }
+LCRYPTO_ALIAS(X509_NAME_get0_der);

lib/libcrypto/asn1/x_pkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_pkey.c,v 1.21 2021/12/25 13:17:48 jsing Exp $ */
+/* $OpenBSD: x_pkey.c,v 1.22 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -98,6 +98,7 @@ X509_PKEY_new(void)
 	}
 	return NULL;
 }
+LCRYPTO_ALIAS(X509_PKEY_new);
 
 void
 X509_PKEY_free(X509_PKEY *x)
@@ -119,3 +120,4 @@ X509_PKEY_free(X509_PKEY *x)
 		free(x->key_data);
 	free(x);
 }
+LCRYPTO_ALIAS(X509_PKEY_free);

lib/libcrypto/asn1/x_pubkey.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_pubkey.c,v 1.33 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_pubkey.c,v 1.34 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -118,24 +118,28 @@ d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len)
 	return (X509_PUBKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_PUBKEY_it);
 }
+LCRYPTO_ALIAS(d2i_X509_PUBKEY);
 
 int
 i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_PUBKEY_it);
 }
+LCRYPTO_ALIAS(i2d_X509_PUBKEY);
 
 X509_PUBKEY *
 X509_PUBKEY_new(void)
 {
 	return (X509_PUBKEY *)ASN1_item_new(&X509_PUBKEY_it);
 }
+LCRYPTO_ALIAS(X509_PUBKEY_new);
 
 void
 X509_PUBKEY_free(X509_PUBKEY *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_PUBKEY_it);
 }
+LCRYPTO_ALIAS(X509_PUBKEY_free);
 
 int
 X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
@@ -174,6 +178,7 @@ X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 		X509_PUBKEY_free(pk);
 	return 0;
 }
+LCRYPTO_ALIAS(X509_PUBKEY_set);
 
 EVP_PKEY *
 X509_PUBKEY_get0(X509_PUBKEY *key)
@@ -226,6 +231,7 @@ X509_PUBKEY_get0(X509_PUBKEY *key)
 	EVP_PKEY_free(ret);
 	return (NULL);
 }
+LCRYPTO_ALIAS(X509_PUBKEY_get0);
 
 EVP_PKEY *
 X509_PUBKEY_get(X509_PUBKEY *key)
@@ -239,6 +245,7 @@ X509_PUBKEY_get(X509_PUBKEY *key)
 
 	return pkey;
 }
+LCRYPTO_ALIAS(X509_PUBKEY_get);
 
 /*
  * Decode an X509_PUBKEY into the specified key type.
@@ -403,12 +410,14 @@ d2i_PUBKEY(EVP_PKEY **pkey, const unsigned char **in, long len)
 	return (EVP_PKEY *)ASN1_item_d2i((ASN1_VALUE **)pkey, in, len,
 	    &EVP_PKEY_PUBKEY_it);
 }
+LCRYPTO_ALIAS(d2i_PUBKEY);
 
 int
 i2d_PUBKEY(EVP_PKEY *pkey, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)pkey, out, &EVP_PKEY_PUBKEY_it);
 }
+LCRYPTO_ALIAS(i2d_PUBKEY);
 
 EVP_PKEY *
 d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **pkey)
@@ -416,12 +425,14 @@ d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **pkey)
 	return (EVP_PKEY *)ASN1_item_d2i_bio(&EVP_PKEY_PUBKEY_it, bp,
 	    (ASN1_VALUE **)pkey);
 }
+LCRYPTO_ALIAS(d2i_PUBKEY_bio);
 
 int
 i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
 {
 	return ASN1_item_i2d_bio(&EVP_PKEY_PUBKEY_it, bp, (ASN1_VALUE *)pkey);
 }
+LCRYPTO_ALIAS(i2d_PUBKEY_bio);
 
 EVP_PKEY *
 d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **pkey)
@@ -429,12 +440,14 @@ d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **pkey)
 	return (EVP_PKEY *)ASN1_item_d2i_fp(&EVP_PKEY_PUBKEY_it, fp,
 	    (ASN1_VALUE **)pkey);
 }
+LCRYPTO_ALIAS(d2i_PUBKEY_fp);
 
 int
 i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
 {
 	return ASN1_item_i2d_fp(&EVP_PKEY_PUBKEY_it, fp, (ASN1_VALUE *)pkey);
 }
+LCRYPTO_ALIAS(i2d_PUBKEY_fp);
 
 /*
  * The following are equivalents but which return RSA and DSA keys.
@@ -497,36 +510,42 @@ d2i_RSA_PUBKEY(RSA **rsa, const unsigned char **in, long len)
 	return (RSA *)ASN1_item_d2i((ASN1_VALUE **)rsa, in, len,
 	    &RSA_PUBKEY_it);
 }
+LCRYPTO_ALIAS(d2i_RSA_PUBKEY);
 
 int
 i2d_RSA_PUBKEY(RSA *rsa, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)rsa, out, &RSA_PUBKEY_it);
 }
+LCRYPTO_ALIAS(i2d_RSA_PUBKEY);
 
 RSA *
 d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
 {
 	return (RSA *)ASN1_item_d2i_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE **)rsa);
 }
+LCRYPTO_ALIAS(d2i_RSA_PUBKEY_bio);
 
 int
 i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
 {
 	return ASN1_item_i2d_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE *)rsa);
 }
+LCRYPTO_ALIAS(i2d_RSA_PUBKEY_bio);
 
 RSA *
 d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
 {
 	return (RSA *)ASN1_item_d2i_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE **)rsa);
 }
+LCRYPTO_ALIAS(d2i_RSA_PUBKEY_fp);
 
 int
 i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
 {
 	return ASN1_item_i2d_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE *)rsa);
 }
+LCRYPTO_ALIAS(i2d_RSA_PUBKEY_fp);
 #endif
 
 #ifndef OPENSSL_NO_DSA
@@ -587,36 +606,42 @@ d2i_DSA_PUBKEY(DSA **dsa, const unsigned char **in, long len)
 	return (DSA *)ASN1_item_d2i((ASN1_VALUE **)dsa, in, len,
 	    &DSA_PUBKEY_it);
 }
+LCRYPTO_ALIAS(d2i_DSA_PUBKEY);
 
 int
 i2d_DSA_PUBKEY(DSA *dsa, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)dsa, out, &DSA_PUBKEY_it);
 }
+LCRYPTO_ALIAS(i2d_DSA_PUBKEY);
 
 DSA *
 d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
 {
 	return (DSA *)ASN1_item_d2i_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE **)dsa);
 }
+LCRYPTO_ALIAS(d2i_DSA_PUBKEY_bio);
 
 int
 i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 {
 	return ASN1_item_i2d_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE *)dsa);
 }
+LCRYPTO_ALIAS(i2d_DSA_PUBKEY_bio);
 
 DSA *
 d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
 {
 	return (DSA *)ASN1_item_d2i_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE **)dsa);
 }
+LCRYPTO_ALIAS(d2i_DSA_PUBKEY_fp);
 
 int
 i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
 {
 	return ASN1_item_i2d_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE *)dsa);
 }
+LCRYPTO_ALIAS(i2d_DSA_PUBKEY_fp);
 
 #endif
 
@@ -678,36 +703,42 @@ d2i_EC_PUBKEY(EC_KEY **ec, const unsigned char **in, long len)
 	return (EC_KEY *)ASN1_item_d2i((ASN1_VALUE **)ec, in, len,
 	    &EC_PUBKEY_it);
 }
+LCRYPTO_ALIAS(d2i_EC_PUBKEY);
 
 int
 i2d_EC_PUBKEY(EC_KEY *ec, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)ec, out, &EC_PUBKEY_it);
 }
+LCRYPTO_ALIAS(i2d_EC_PUBKEY);
 
 EC_KEY *
 d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **ec)
 {
 	return (EC_KEY *)ASN1_item_d2i_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE **)ec);
 }
+LCRYPTO_ALIAS(d2i_EC_PUBKEY_bio);
 
 int
 i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ec)
 {
 	return ASN1_item_i2d_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE *)ec);
 }
+LCRYPTO_ALIAS(i2d_EC_PUBKEY_bio);
 
 EC_KEY *
 d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **ec)
 {
 	return (EC_KEY *)ASN1_item_d2i_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE **)ec);
 }
+LCRYPTO_ALIAS(d2i_EC_PUBKEY_fp);
 
 int
 i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *ec)
 {
 	return ASN1_item_i2d_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE *)ec);
 }
+LCRYPTO_ALIAS(i2d_EC_PUBKEY_fp);
 #endif
 
 int
@@ -724,6 +755,7 @@ X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
 
 	return asn1_abs_set_unused_bits(pub->public_key, 0);
 }
+LCRYPTO_ALIAS(X509_PUBKEY_set0_param);
 
 int
 X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
@@ -739,3 +771,4 @@ X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
 		*pa = pub->algor;
 	return 1;
 }
+LCRYPTO_ALIAS(X509_PUBKEY_get0_param);

lib/libcrypto/asn1/x_req.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_req.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_req.c,v 1.20 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -143,24 +143,28 @@ d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len)
 	return (X509_REQ_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_REQ_INFO_it);
 }
+LCRYPTO_ALIAS(d2i_X509_REQ_INFO);
 
 int
 i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_INFO_it);
 }
+LCRYPTO_ALIAS(i2d_X509_REQ_INFO);
 
 X509_REQ_INFO *
 X509_REQ_INFO_new(void)
 {
 	return (X509_REQ_INFO *)ASN1_item_new(&X509_REQ_INFO_it);
 }
+LCRYPTO_ALIAS(X509_REQ_INFO_new);
 
 void
 X509_REQ_INFO_free(X509_REQ_INFO *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_INFO_it);
 }
+LCRYPTO_ALIAS(X509_REQ_INFO_free);
 
 static const ASN1_AUX X509_REQ_aux = {
 	.app_data = NULL,
@@ -203,36 +207,42 @@ d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len)
 	return (X509_REQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_REQ_it);
 }
+LCRYPTO_ALIAS(d2i_X509_REQ);
 
 int
 i2d_X509_REQ(X509_REQ *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_it);
 }
+LCRYPTO_ALIAS(i2d_X509_REQ);
 
 X509_REQ *
 X509_REQ_new(void)
 {
 	return (X509_REQ *)ASN1_item_new(&X509_REQ_it);
 }
+LCRYPTO_ALIAS(X509_REQ_new);
 
 void
 X509_REQ_free(X509_REQ *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_it);
 }
+LCRYPTO_ALIAS(X509_REQ_free);
 
 X509_REQ *
 X509_REQ_dup(X509_REQ *x)
 {
 	return ASN1_item_dup(&X509_REQ_it, x);
 }
+LCRYPTO_ALIAS(X509_REQ_dup);
 
 int
 X509_REQ_get_signature_nid(const X509_REQ *req)
 {
 	return OBJ_obj2nid(req->sig_alg->algorithm);
 }
+LCRYPTO_ALIAS(X509_REQ_get_signature_nid);
 
 void
 X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
@@ -243,3 +253,4 @@ X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
 	if (palg != NULL)
 		*palg = req->sig_alg;
 }
+LCRYPTO_ALIAS(X509_REQ_get0_signature);

lib/libcrypto/asn1/x_sig.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_sig.c,v 1.14 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_sig.c,v 1.15 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -92,24 +92,28 @@ d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len)
 	return (X509_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_SIG_it);
 }
+LCRYPTO_ALIAS(d2i_X509_SIG);
 
 int
 i2d_X509_SIG(X509_SIG *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_SIG_it);
 }
+LCRYPTO_ALIAS(i2d_X509_SIG);
 
 X509_SIG *
 X509_SIG_new(void)
 {
 	return (X509_SIG *)ASN1_item_new(&X509_SIG_it);
 }
+LCRYPTO_ALIAS(X509_SIG_new);
 
 void
 X509_SIG_free(X509_SIG *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_SIG_it);
 }
+LCRYPTO_ALIAS(X509_SIG_free);
 
 void
 X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
@@ -120,6 +124,7 @@ X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
 	if (pdigest != NULL)
 		*pdigest = sig->digest;
 }
+LCRYPTO_ALIAS(X509_SIG_get0);
 
 void
 X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
@@ -129,3 +134,4 @@ X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
 	if (pdigest != NULL)
 		*pdigest = sig->digest;
 }
+LCRYPTO_ALIAS(X509_SIG_getm);

lib/libcrypto/asn1/x_spki.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_spki.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_spki.c,v 1.12 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -94,24 +94,28 @@ d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len)
 	return (NETSCAPE_SPKAC *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &NETSCAPE_SPKAC_it);
 }
+LCRYPTO_ALIAS(d2i_NETSCAPE_SPKAC);
 
 int
 i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKAC_it);
 }
+LCRYPTO_ALIAS(i2d_NETSCAPE_SPKAC);
 
 NETSCAPE_SPKAC *
 NETSCAPE_SPKAC_new(void)
 {
 	return (NETSCAPE_SPKAC *)ASN1_item_new(&NETSCAPE_SPKAC_it);
 }
+LCRYPTO_ALIAS(NETSCAPE_SPKAC_new);
 
 void
 NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKAC_it);
 }
+LCRYPTO_ALIAS(NETSCAPE_SPKAC_free);
 
 static const ASN1_TEMPLATE NETSCAPE_SPKI_seq_tt[] = {
 	{
@@ -154,21 +158,25 @@ d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len)
 	return (NETSCAPE_SPKI *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &NETSCAPE_SPKI_it);
 }
+LCRYPTO_ALIAS(d2i_NETSCAPE_SPKI);
 
 int
 i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKI_it);
 }
+LCRYPTO_ALIAS(i2d_NETSCAPE_SPKI);
 
 NETSCAPE_SPKI *
 NETSCAPE_SPKI_new(void)
 {
 	return (NETSCAPE_SPKI *)ASN1_item_new(&NETSCAPE_SPKI_it);
 }
+LCRYPTO_ALIAS(NETSCAPE_SPKI_new);
 
 void
 NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKI_it);
 }
+LCRYPTO_ALIAS(NETSCAPE_SPKI_free);

lib/libcrypto/asn1/x_val.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_val.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */
+/* $OpenBSD: x_val.c,v 1.12 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -90,21 +90,25 @@ d2i_X509_VAL(X509_VAL **a, const unsigned char **in, long len)
 	return (X509_VAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_VAL_it);
 }
+LCRYPTO_ALIAS(d2i_X509_VAL);
 
 int
 i2d_X509_VAL(X509_VAL *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_VAL_it);
 }
+LCRYPTO_ALIAS(i2d_X509_VAL);
 
 X509_VAL *
 X509_VAL_new(void)
 {
 	return (X509_VAL *)ASN1_item_new(&X509_VAL_it);
 }
+LCRYPTO_ALIAS(X509_VAL_new);
 
 void
 X509_VAL_free(X509_VAL *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_VAL_it);
 }
+LCRYPTO_ALIAS(X509_VAL_free);

lib/libcrypto/asn1/x_x509.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509.c,v 1.35 2023/04/28 16:30:14 tb Exp $ */
+/* $OpenBSD: x_x509.c,v 1.36 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -149,24 +149,28 @@ d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len)
 	return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_CINF_it);
 }
+LCRYPTO_ALIAS(d2i_X509_CINF);
 
 int
 i2d_X509_CINF(X509_CINF *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it);
 }
+LCRYPTO_ALIAS(i2d_X509_CINF);
 
 X509_CINF *
 X509_CINF_new(void)
 {
 	return (X509_CINF *)ASN1_item_new(&X509_CINF_it);
 }
+LCRYPTO_ALIAS(X509_CINF_new);
 
 void
 X509_CINF_free(X509_CINF *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_CINF_it);
 }
+LCRYPTO_ALIAS(X509_CINF_free);
 /* X509 top level structure needs a bit of customisation */
 
 static int
@@ -259,30 +263,35 @@ d2i_X509(X509 **a, const unsigned char **in, long len)
 	return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_it);
 }
+LCRYPTO_ALIAS(d2i_X509);
 
 int
 i2d_X509(X509 *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it);
 }
+LCRYPTO_ALIAS(i2d_X509);
 
 X509 *
 X509_new(void)
 {
 	return (X509 *)ASN1_item_new(&X509_it);
 }
+LCRYPTO_ALIAS(X509_new);
 
 void
 X509_free(X509 *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_it);
 }
+LCRYPTO_ALIAS(X509_free);
 
 X509 *
 X509_dup(X509 *x)
 {
 	return ASN1_item_dup(&X509_it, x);
 }
+LCRYPTO_ALIAS(X509_dup);
 
 int
 X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
@@ -291,18 +300,21 @@ X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
 	    new_func, dup_func, free_func);
 }
+LCRYPTO_ALIAS(X509_get_ex_new_index);
 
 int
 X509_set_ex_data(X509 *r, int idx, void *arg)
 {
 	return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 }
+LCRYPTO_ALIAS(X509_set_ex_data);
 
 void *
 X509_get_ex_data(X509 *r, int idx)
 {
 	return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
+LCRYPTO_ALIAS(X509_get_ex_data);
 
 /* X509_AUX ASN1 routines. X509_AUX is the name given to
  * a certificate with extra info tagged on the end. Since these
@@ -340,6 +352,7 @@ d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 	X509_free(ret);
 	return NULL;
 }
+LCRYPTO_ALIAS(d2i_X509_AUX);
 
 int
 i2d_X509_AUX(X509 *a, unsigned char **pp)
@@ -351,6 +364,7 @@ i2d_X509_AUX(X509 *a, unsigned char **pp)
 		length += i2d_X509_CERT_AUX(a->aux, pp);
 	return length;
 }
+LCRYPTO_ALIAS(i2d_X509_AUX);
 
 int
 i2d_re_X509_tbs(X509 *x, unsigned char **pp)
@@ -358,6 +372,7 @@ i2d_re_X509_tbs(X509 *x, unsigned char **pp)
 	x->cert_info->enc.modified = 1;
 	return i2d_X509_CINF(x->cert_info, pp);
 }
+LCRYPTO_ALIAS(i2d_re_X509_tbs);
 
 void
 X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
@@ -368,9 +383,11 @@ X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
 	if (palg != NULL)
 		*palg = x->sig_alg;
 }
+LCRYPTO_ALIAS(X509_get0_signature);
 
 int
 X509_get_signature_nid(const X509 *x)
 {
 	return OBJ_obj2nid(x->sig_alg->algorithm);
 }
+LCRYPTO_ALIAS(X509_get_signature_nid);

lib/libcrypto/asn1/x_x509a.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x_x509a.c,v 1.19 2022/11/26 16:08:50 tb Exp $ */
+/* $OpenBSD: x_x509a.c,v 1.20 2023/07/05 21:23:37 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -126,24 +126,28 @@ d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len)
 	return (X509_CERT_AUX *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
 	    &X509_CERT_AUX_it);
 }
+LCRYPTO_ALIAS(d2i_X509_CERT_AUX);
 
 int
 i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out)
 {
 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_AUX_it);
 }
+LCRYPTO_ALIAS(i2d_X509_CERT_AUX);
 
 X509_CERT_AUX *
 X509_CERT_AUX_new(void)
 {
 	return (X509_CERT_AUX *)ASN1_item_new(&X509_CERT_AUX_it);
 }
+LCRYPTO_ALIAS(X509_CERT_AUX_new);
 
 void
 X509_CERT_AUX_free(X509_CERT_AUX *a)
 {
 	ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_AUX_it);
 }
+LCRYPTO_ALIAS(X509_CERT_AUX_free);
 
 static X509_CERT_AUX *
 aux_get(X509 *x)
@@ -172,6 +176,7 @@ X509_alias_set1(X509 *x, const unsigned char *name, int len)
 		return 0;
 	return ASN1_STRING_set(aux->alias, name, len);
 }
+LCRYPTO_ALIAS(X509_alias_set1);
 
 int
 X509_keyid_set1(X509 *x, const unsigned char *id, int len)
@@ -190,6 +195,7 @@ X509_keyid_set1(X509 *x, const unsigned char *id, int len)
 		return 0;
 	return ASN1_STRING_set(aux->keyid, id, len);
 }
+LCRYPTO_ALIAS(X509_keyid_set1);
 
 unsigned char *
 X509_alias_get0(X509 *x, int *len)
@@ -200,6 +206,7 @@ X509_alias_get0(X509 *x, int *len)
 		*len = x->aux->alias->length;
 	return x->aux->alias->data;
 }
+LCRYPTO_ALIAS(X509_alias_get0);
 
 unsigned char *
 X509_keyid_get0(X509 *x, int *len)
@@ -210,6 +217,7 @@ X509_keyid_get0(X509 *x, int *len)
 		*len = x->aux->keyid->length;
 	return x->aux->keyid->data;
 }
+LCRYPTO_ALIAS(X509_keyid_get0);
 
 int
 X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
@@ -232,6 +240,7 @@ X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
 	ASN1_OBJECT_free(objtmp);
 	return 0;
 }
+LCRYPTO_ALIAS(X509_add1_trust_object);
 
 int
 X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
@@ -254,6 +263,7 @@ X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
 	ASN1_OBJECT_free(objtmp);
 	return 0;
 }
+LCRYPTO_ALIAS(X509_add1_reject_object);
 
 void
 X509_trust_clear(X509 *x)
@@ -263,6 +273,7 @@ X509_trust_clear(X509 *x)
 		x->aux->trust = NULL;
 	}
 }
+LCRYPTO_ALIAS(X509_trust_clear);
 
 void
 X509_reject_clear(X509 *x)
@@ -272,3 +283,4 @@ X509_reject_clear(X509 *x)
 		x->aux->reject = NULL;
 	}
 }
+LCRYPTO_ALIAS(X509_reject_clear);

lib/libcrypto/bio/b_dump.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: b_dump.c,v 1.23 2022/10/17 18:26:41 jsing Exp $ */
+/* $OpenBSD: b_dump.c,v 1.24 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -75,6 +75,7 @@ BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
 {
 	return BIO_dump_indent_cb(cb, u, s, len, 0);
 }
+LCRYPTO_ALIAS(BIO_dump_cb);
 
 int
 BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
@@ -148,6 +149,7 @@ BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
 #endif
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_dump_indent_cb);
 
 static int
 write_fp(const void *data, size_t len, void *fp)
@@ -160,12 +162,14 @@ BIO_dump_fp(FILE *fp, const char *s, int len)
 {
 	return BIO_dump_cb(write_fp, fp, s, len);
 }
+LCRYPTO_ALIAS(BIO_dump_fp);
 
 int
 BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
 {
 	return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
 }
+LCRYPTO_ALIAS(BIO_dump_indent_fp);
 
 static int
 write_bio(const void *data, size_t len, void *bp)
@@ -178,9 +182,11 @@ BIO_dump(BIO *bp, const char *s, int len)
 {
 	return BIO_dump_cb(write_bio, bp, s, len);
 }
+LCRYPTO_ALIAS(BIO_dump);
 
 int
 BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
 {
 	return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
 }
+LCRYPTO_ALIAS(BIO_dump_indent);

lib/libcrypto/bio/b_posix.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: b_posix.c,v 1.2 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: b_posix.c,v 1.3 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -72,11 +72,13 @@ BIO_sock_init(void)
 		return (0);
 	return (1);
 }
+LCRYPTO_ALIAS(BIO_sock_init);
 
 void
 BIO_sock_cleanup(void)
 {
 }
+LCRYPTO_ALIAS(BIO_sock_cleanup);
 
 int
 BIO_socket_nbio(int s, int mode)
@@ -88,3 +90,4 @@ BIO_socket_nbio(int s, int mode)
 		return (fcntl(s, F_SETFL, flags & ~O_NONBLOCK) != -1);
 	return (1);
 }
+LCRYPTO_ALIAS(BIO_socket_nbio);

lib/libcrypto/bio/b_print.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: b_print.c,v 1.26 2019/06/28 05:47:57 deraadt Exp $ */
+/* $OpenBSD: b_print.c,v 1.27 2023/07/05 21:23:37 beck Exp $ */
 
 /* Theo de Raadt places this file in the public domain. */
 
@@ -15,6 +15,7 @@ BIO_printf(BIO *bio, const char *format, ...)
 	va_end(args);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_printf);
 
 #ifdef HAVE_FUNOPEN
 static int
@@ -39,6 +40,7 @@ BIO_vprintf(BIO *bio, const char *format, va_list args)
 fail:
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_vprintf);
 
 #else /* !HAVE_FUNOPEN */
 
@@ -55,6 +57,7 @@ BIO_vprintf(BIO *bio, const char *format, va_list args)
 	free(buf);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_vprintf);
 
 #endif /* HAVE_FUNOPEN */
 
@@ -92,6 +95,7 @@ BIO_snprintf(char *buf, size_t n, const char *format, ...)
 		return (-1);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_snprintf);
 
 int
 BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
@@ -104,3 +108,4 @@ BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 		return (-1);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_vsnprintf);

lib/libcrypto/bio/b_sock.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: b_sock.c,v 1.70 2022/12/22 20:13:45 schwarze Exp $ */
+/* $OpenBSD: b_sock.c,v 1.71 2023/07/05 21:23:37 beck Exp $ */
 /*
  * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
  *
@@ -62,6 +62,7 @@ BIO_get_host_ip(const char *str, unsigned char *ip)
 	freeaddrinfo(res);
 	return (1);
 }
+LCRYPTO_ALIAS(BIO_get_host_ip);
 
 int
 BIO_get_port(const char *str, unsigned short *port_ptr)
@@ -89,6 +90,7 @@ BIO_get_port(const char *str, unsigned short *port_ptr)
 	freeaddrinfo(res);
 	return (1);
 }
+LCRYPTO_ALIAS(BIO_get_port);
 
 int
 BIO_sock_error(int sock)
@@ -101,12 +103,14 @@ BIO_sock_error(int sock)
 		return (1);
 	return (err);
 }
+LCRYPTO_ALIAS(BIO_sock_error);
 
 struct hostent *
 BIO_gethostbyname(const char *name)
 {
 	return gethostbyname(name);
 }
+LCRYPTO_ALIAS(BIO_gethostbyname);
 
 int
 BIO_socket_ioctl(int fd, long type, void *arg)
@@ -118,6 +122,7 @@ BIO_socket_ioctl(int fd, long type, void *arg)
 		SYSerror(errno);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_socket_ioctl);
 
 int
 BIO_get_accept_socket(char *host, int bind_mode)
@@ -203,6 +208,7 @@ err:
 	}
 	return (s);
 }
+LCRYPTO_ALIAS(BIO_get_accept_socket);
 
 int
 BIO_accept(int sock, char **addr)
@@ -245,9 +251,11 @@ BIO_accept(int sock, char **addr)
 end:
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_accept);
 
 int
 BIO_set_tcp_ndelay(int s, int on)
 {
 	return (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) == 0);
 }
+LCRYPTO_ALIAS(BIO_set_tcp_ndelay);

lib/libcrypto/bio/bf_buff.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_buff.c,v 1.27 2022/01/14 08:40:57 tb Exp $ */
+/* $OpenBSD: bf_buff.c,v 1.28 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -93,6 +93,7 @@ BIO_f_buffer(void)
 {
 	return (&methods_buffer);
 }
+LCRYPTO_ALIAS(BIO_f_buffer);
 
 static int
 buffer_new(BIO *bi)

lib/libcrypto/bio/bf_nbio.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_nbio.c,v 1.22 2022/01/14 08:40:57 tb Exp $ */
+/* $OpenBSD: bf_nbio.c,v 1.23 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -100,6 +100,7 @@ BIO_f_nbio_test(void)
 {
 	return (&methods_nbiof);
 }
+LCRYPTO_ALIAS(BIO_f_nbio_test);
 
 static int
 nbiof_new(BIO *bi)

lib/libcrypto/bio/bf_null.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bf_null.c,v 1.14 2022/01/14 08:40:57 tb Exp $ */
+/* $OpenBSD: bf_null.c,v 1.15 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -93,6 +93,7 @@ BIO_f_null(void)
 {
 	return (&methods_nullf);
 }
+LCRYPTO_ALIAS(BIO_f_null);
 
 static int
 nullf_new(BIO *bi)

lib/libcrypto/bio/bio.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.56 2022/09/11 17:26:03 tb Exp $ */
+/* $OpenBSD: bio.h,v 1.58 2023/07/05 19:25:01 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -255,7 +255,7 @@ void BIO_clear_flags(BIO *b, int flags);
  * the BIO_CB_RETURN flag indicates if it is after the call.
  */
 #define BIO_CB_RETURN	0x80
-#define BIO_CB_return(a) ((a)|BIO_CB_RETURN))
+#define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
 #define BIO_cb_pre(a)	(!((a)&BIO_CB_RETURN))
 #define BIO_cb_post(a)	((a)&BIO_CB_RETURN)
 
@@ -536,17 +536,13 @@ unsigned long BIO_number_read(BIO *bio);
 unsigned long BIO_number_written(BIO *bio);
 
 /* For BIO_f_asn1() */
-int
-BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
 asn1_ps_func *prefix_free);
-int
-BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
 asn1_ps_func **pprefix_free);
-int
-BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
 asn1_ps_func *suffix_free);
-int
-BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
 asn1_ps_func **psuffix_free);
 
 int BIO_get_new_index(void);
@@ -667,20 +663,30 @@ void BIO_copy_next_retry(BIO *b);
 
 /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
-int
-BIO_printf(BIO *bio, const char *format, ...)
+/* Needed for libressl-portable. */
+#ifndef __MINGW_PRINTF_FORMAT
+int BIO_printf(BIO *bio, const char *format, ...)
 	__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
-int
-BIO_vprintf(BIO *bio, const char *format, va_list args)
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
 	__attribute__((__format__(__printf__, 2, 0), __nonnull__(2)));
-int
-BIO_snprintf(char *buf, size_t n, const char *format, ...)
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
 	__attribute__((__deprecated__, __format__(__printf__, 3, 4),
 	    __nonnull__(3)));
-int
-BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
 	__attribute__((__deprecated__, __format__(__printf__, 3, 0),
 	    __nonnull__(3)));
+#else
+int BIO_printf(BIO *bio, const char *format, ...)
+	__attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+	__attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 0), __nonnull__(2)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+	__attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 4),
+	    __nonnull__(3)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+	__attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0),
+	    __nonnull__(3)));
+#endif
 
 void ERR_load_BIO_strings(void);
 

lib/libcrypto/bio/bio_cb.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_cb.c,v 1.18 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bio_cb.c,v 1.19 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -153,3 +153,4 @@ BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl,
 		fputs(buf, stderr);
 	return (r);
 }
+LCRYPTO_ALIAS(BIO_debug_callback);

lib/libcrypto/bio/bio_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_err.c,v 1.19 2022/07/12 14:42:48 kn Exp $ */
+/* $OpenBSD: bio_err.c,v 1.20 2023/07/05 21:23:37 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -117,3 +117,4 @@ ERR_load_BIO_strings(void)
 	}
 #endif
 }
+LCRYPTO_ALIAS(ERR_load_BIO_strings);

lib/libcrypto/bio/bio_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bio_lib.c,v 1.44 2023/03/15 06:14:02 tb Exp $ */
+/* $OpenBSD: bio_lib.c,v 1.45 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -129,6 +129,7 @@ BIO_get_new_index(void)
 
 	return index;
 }
+LCRYPTO_ALIAS(BIO_get_new_index);
 
 BIO *
 BIO_new(const BIO_METHOD *method)
@@ -147,6 +148,7 @@ BIO_new(const BIO_METHOD *method)
 	}
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_new);
 
 int
 BIO_set(BIO *bio, const BIO_METHOD *method)
@@ -176,6 +178,7 @@ BIO_set(BIO *bio, const BIO_METHOD *method)
 	}
 	return (1);
 }
+LCRYPTO_ALIAS(BIO_set);
 
 int
 BIO_free(BIO *a)
@@ -201,12 +204,14 @@ BIO_free(BIO *a)
 	free(a);
 	return (1);
 }
+LCRYPTO_ALIAS(BIO_free);
 
 void
 BIO_vfree(BIO *a)
 {
 	BIO_free(a);
 }
+LCRYPTO_ALIAS(BIO_vfree);
 
 int
 BIO_up_ref(BIO *bio)
@@ -214,108 +219,126 @@ BIO_up_ref(BIO *bio)
 	int refs = CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
 	return (refs > 1) ? 1 : 0;
 }
+LCRYPTO_ALIAS(BIO_up_ref);
 
 void *
 BIO_get_data(BIO *a)
 {
 	return (a->ptr);
 }
+LCRYPTO_ALIAS(BIO_get_data);
 
 void
 BIO_set_data(BIO *a, void *ptr)
 {
 	a->ptr = ptr;
 }
+LCRYPTO_ALIAS(BIO_set_data);
 
 int
 BIO_get_init(BIO *a)
 {
 	return a->init;
 }
+LCRYPTO_ALIAS(BIO_get_init);
 
 void
 BIO_set_init(BIO *a, int init)
 {
 	a->init = init;
 }
+LCRYPTO_ALIAS(BIO_set_init);
 
 int
 BIO_get_shutdown(BIO *a)
 {
 	return (a->shutdown);
 }
+LCRYPTO_ALIAS(BIO_get_shutdown);
 
 void
 BIO_set_shutdown(BIO *a, int shut)
 {
 	a->shutdown = shut;
 }
+LCRYPTO_ALIAS(BIO_set_shutdown);
 
 void
 BIO_clear_flags(BIO *b, int flags)
 {
 	b->flags &= ~flags;
 }
+LCRYPTO_ALIAS(BIO_clear_flags);
 
 int
 BIO_test_flags(const BIO *b, int flags)
 {
 	return (b->flags & flags);
 }
+LCRYPTO_ALIAS(BIO_test_flags);
 
 void
 BIO_set_flags(BIO *b, int flags)
 {
 	b->flags |= flags;
 }
+LCRYPTO_ALIAS(BIO_set_flags);
 
 BIO_callback_fn
 BIO_get_callback(const BIO *b)
 {
 	return b->callback;
 }
+LCRYPTO_ALIAS(BIO_get_callback);
 
 void
 BIO_set_callback(BIO *b, BIO_callback_fn cb)
 {
 	b->callback = cb;
 }
+LCRYPTO_ALIAS(BIO_set_callback);
 
 BIO_callback_fn_ex
 BIO_get_callback_ex(const BIO *b)
 {
 	return b->callback_ex;
 }
+LCRYPTO_ALIAS(BIO_get_callback_ex);
 
 void
 BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb)
 {
 	b->callback_ex = cb;
 }
+LCRYPTO_ALIAS(BIO_set_callback_ex);
 
 void
 BIO_set_callback_arg(BIO *b, char *arg)
 {
 	b->cb_arg = arg;
 }
+LCRYPTO_ALIAS(BIO_set_callback_arg);
 
 char *
 BIO_get_callback_arg(const BIO *b)
 {
 	return b->cb_arg;
 }
+LCRYPTO_ALIAS(BIO_get_callback_arg);
 
 const char *
 BIO_method_name(const BIO *b)
 {
 	return b->method->name;
 }
+LCRYPTO_ALIAS(BIO_method_name);
 
 int
 BIO_method_type(const BIO *b)
 {
 	return b->method->type;
 }
+LCRYPTO_ALIAS(BIO_method_type);
 
 int
 BIO_read(BIO *b, void *out, int outl)
@@ -373,6 +396,7 @@ BIO_read(BIO *b, void *out, int outl)
 
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_read);
 
 int
 BIO_write(BIO *b, const void *in, int inl)
@@ -429,6 +453,7 @@ BIO_write(BIO *b, const void *in, int inl)
 
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_write);
 
 int
 BIO_puts(BIO *b, const char *in)
@@ -473,6 +498,7 @@ BIO_puts(BIO *b, const char *in)
 
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_puts);
 
 int
 BIO_gets(BIO *b, char *in, int inl)
@@ -515,6 +541,7 @@ BIO_gets(BIO *b, char *in, int inl)
 
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_gets);
 
 int
 BIO_indent(BIO *b, int indent, int max)
@@ -528,6 +555,7 @@ BIO_indent(BIO *b, int indent, int max)
 			return 0;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_indent);
 
 long
 BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
@@ -537,6 +565,7 @@ BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
 	i = iarg;
 	return (BIO_ctrl(b, cmd, larg, (char *)&i));
 }
+LCRYPTO_ALIAS(BIO_int_ctrl);
 
 char *
 BIO_ptr_ctrl(BIO *b, int cmd, long larg)
@@ -548,6 +577,7 @@ BIO_ptr_ctrl(BIO *b, int cmd, long larg)
 	else
 		return (p);
 }
+LCRYPTO_ALIAS(BIO_ptr_ctrl);
 
 long
 BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
@@ -577,6 +607,7 @@ BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_ctrl);
 
 long
 BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
@@ -607,6 +638,7 @@ BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
 
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_callback_ctrl);
 
 /* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
  * do; but those macros have inappropriate return type, and for interfacing
@@ -616,12 +648,14 @@ BIO_ctrl_pending(BIO *bio)
 {
 	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
 }
+LCRYPTO_ALIAS(BIO_ctrl_pending);
 
 size_t
 BIO_ctrl_wpending(BIO *bio)
 {
 	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
 }
+LCRYPTO_ALIAS(BIO_ctrl_wpending);
 
 
 /*
@@ -649,6 +683,7 @@ BIO_push(BIO *b, BIO *bio)
 	BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb);
 	return (b);
 }
+LCRYPTO_ALIAS(BIO_push);
 
 /* Remove the first and return the rest */
 BIO *
@@ -671,6 +706,7 @@ BIO_pop(BIO *b)
 	b->prev_bio = NULL;
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_pop);
 
 BIO *
 BIO_get_retry_BIO(BIO *bio, int *reason)
@@ -690,18 +726,21 @@ BIO_get_retry_BIO(BIO *bio, int *reason)
 		*reason = last->retry_reason;
 	return (last);
 }
+LCRYPTO_ALIAS(BIO_get_retry_BIO);
 
 int
 BIO_get_retry_reason(BIO *bio)
 {
 	return (bio->retry_reason);
 }
+LCRYPTO_ALIAS(BIO_get_retry_reason);
 
 void
 BIO_set_retry_reason(BIO *bio, int reason)
 {
 	bio->retry_reason = reason;
 }
+LCRYPTO_ALIAS(BIO_set_retry_reason);
 
 BIO *
 BIO_find_type(BIO *bio, int type)
@@ -724,6 +763,7 @@ BIO_find_type(BIO *bio, int type)
 	} while (bio != NULL);
 	return (NULL);
 }
+LCRYPTO_ALIAS(BIO_find_type);
 
 BIO *
 BIO_next(BIO *b)
@@ -732,6 +772,7 @@ BIO_next(BIO *b)
 		return NULL;
 	return b->next_bio;
 }
+LCRYPTO_ALIAS(BIO_next);
 
 /*
  * Two chains "bio -> oldtail" and "oldhead -> next" become
@@ -753,6 +794,7 @@ BIO_set_next(BIO *bio, BIO *next)
 	if (next != NULL)
 		next->prev_bio = bio;
 }
+LCRYPTO_ALIAS(BIO_set_next);
 
 void
 BIO_free_all(BIO *bio)
@@ -770,6 +812,7 @@ BIO_free_all(BIO *bio)
 			break;
 	}
 }
+LCRYPTO_ALIAS(BIO_free_all);
 
 BIO *
 BIO_dup_chain(BIO *in)
@@ -813,6 +856,7 @@ err:
 	return (NULL);
 
 }
+LCRYPTO_ALIAS(BIO_dup_chain);
 
 void
 BIO_copy_next_retry(BIO *b)
@@ -820,6 +864,7 @@ BIO_copy_next_retry(BIO *b)
 	BIO_set_flags(b, BIO_get_retry_flags(b->next_bio));
 	b->retry_reason = b->next_bio->retry_reason;
 }
+LCRYPTO_ALIAS(BIO_copy_next_retry);
 
 int
 BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
@@ -828,18 +873,21 @@ BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
 	    new_func, dup_func, free_func);
 }
+LCRYPTO_ALIAS(BIO_get_ex_new_index);
 
 int
 BIO_set_ex_data(BIO *bio, int idx, void *data)
 {
 	return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data));
 }
+LCRYPTO_ALIAS(BIO_set_ex_data);
 
 void *
 BIO_get_ex_data(BIO *bio, int idx)
 {
 	return (CRYPTO_get_ex_data(&(bio->ex_data), idx));
 }
+LCRYPTO_ALIAS(BIO_get_ex_data);
 
 unsigned long
 BIO_number_read(BIO *bio)
@@ -848,6 +896,7 @@ BIO_number_read(BIO *bio)
 		return bio->num_read;
 	return 0;
 }
+LCRYPTO_ALIAS(BIO_number_read);
 
 unsigned long
 BIO_number_written(BIO *bio)
@@ -856,3 +905,4 @@ BIO_number_written(BIO *bio)
 		return bio->num_write;
 	return 0;
 }
+LCRYPTO_ALIAS(BIO_number_written);

lib/libcrypto/bio/bio_meth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: bio_meth.c,v 1.8 2022/01/14 08:40:57 tb Exp $	*/
+/*	$OpenBSD: bio_meth.c,v 1.9 2023/07/05 21:23:37 beck Exp $	*/
 /*
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
  *
@@ -34,18 +34,21 @@ BIO_meth_new(int type, const char *name)
 
 	return biom;
 }
+LCRYPTO_ALIAS(BIO_meth_new);
 
 void
 BIO_meth_free(BIO_METHOD *biom)
 {
 	free(biom);
 }
+LCRYPTO_ALIAS(BIO_meth_free);
 
 int
 (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int)
 {
 	return biom->bwrite;
 }
+LCRYPTO_ALIAS(BIO_meth_get_write);
 
 int
 BIO_meth_set_write(BIO_METHOD *biom, int (*write)(BIO *, const char *, int))
@@ -53,12 +56,14 @@ BIO_meth_set_write(BIO_METHOD *biom, int (*write)(BIO *, const char *, int))
 	biom->bwrite = write;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_write);
 
 int
 (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int)
 {
 	return biom->bread;
 }
+LCRYPTO_ALIAS(BIO_meth_get_read);
 
 int
 BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int))
@@ -66,12 +71,14 @@ BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int))
 	biom->bread = read;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_read);
 
 int
 (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *)
 {
 	return biom->bputs;
 }
+LCRYPTO_ALIAS(BIO_meth_get_puts);
 
 int
 BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *))
@@ -79,12 +86,14 @@ BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *))
 	biom->bputs = puts;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_puts);
 
 int
 (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int)
 {
 	return biom->bgets;
 }
+LCRYPTO_ALIAS(BIO_meth_get_gets);
 
 int
 BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int))
@@ -92,12 +101,14 @@ BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int))
 	biom->bgets = gets;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_gets);
 
 long
 (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *)
 {
 	return biom->ctrl;
 }
+LCRYPTO_ALIAS(BIO_meth_get_ctrl);
 
 int
 BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *))
@@ -105,12 +116,14 @@ BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *))
 	biom->ctrl = ctrl;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_ctrl);
 
 int
 (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *)
 {
 	return biom->create;
 }
+LCRYPTO_ALIAS(BIO_meth_get_create);
 
 int
 BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *))
@@ -118,12 +131,14 @@ BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *))
 	biom->create = create;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_create);
 
 int
 (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *)
 {
 	return biom->destroy;
 }
+LCRYPTO_ALIAS(BIO_meth_get_destroy);
 
 int
 BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *))
@@ -131,12 +146,14 @@ BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *))
 	biom->destroy = destroy;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_destroy);
 
 long
 (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *)
 {
 	return biom->callback_ctrl;
 }
+LCRYPTO_ALIAS(BIO_meth_get_callback_ctrl);
 
 int
 BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
@@ -145,3 +162,4 @@ BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
 	biom->callback_ctrl = callback_ctrl;
 	return 1;
 }
+LCRYPTO_ALIAS(BIO_meth_set_callback_ctrl);

lib/libcrypto/bio/bss_acpt.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_acpt.c,v 1.30 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_acpt.c,v 1.31 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -118,6 +118,7 @@ BIO_s_accept(void)
 {
 	return (&methods_acceptp);
 }
+LCRYPTO_ALIAS(BIO_s_accept);
 
 static int
 acpt_new(BIO *bi)
@@ -452,4 +453,4 @@ BIO_new_accept(const char *str)
 		return (NULL);
 	}
 }
-
+LCRYPTO_ALIAS(BIO_new_accept);

lib/libcrypto/bio/bss_bio.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_bio.c,v 1.25 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_bio.c,v 1.26 2023/07/05 21:23:37 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
@@ -112,6 +112,7 @@ BIO_s_bio(void)
 {
 	return &methods_biop;
 }
+LCRYPTO_ALIAS(BIO_s_bio);
 
 struct bio_bio_st {
 	BIO *peer;	/* NULL if buf == NULL.
@@ -795,24 +796,28 @@ BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, BIO **bio2_p, size_t writebuf2)
 	*bio2_p = bio2;
 	return ret;
 }
+LCRYPTO_ALIAS(BIO_new_bio_pair);
 
 size_t
 BIO_ctrl_get_write_guarantee(BIO *bio)
 {
 	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
 }
+LCRYPTO_ALIAS(BIO_ctrl_get_write_guarantee);
 
 size_t
 BIO_ctrl_get_read_request(BIO *bio)
 {
 	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
 }
+LCRYPTO_ALIAS(BIO_ctrl_get_read_request);
 
 int
 BIO_ctrl_reset_read_request(BIO *bio)
 {
 	return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
 }
+LCRYPTO_ALIAS(BIO_ctrl_reset_read_request);
 
 
 /* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
@@ -834,6 +839,7 @@ BIO_nread0(BIO *bio, char **buf)
 	else
 		return (int) ret;
 }
+LCRYPTO_ALIAS(BIO_nread0);
 
 int
 BIO_nread(BIO *bio, char **buf, int num)
@@ -850,6 +856,7 @@ BIO_nread(BIO *bio, char **buf, int num)
 		bio->num_read += ret;
 	return ret;
 }
+LCRYPTO_ALIAS(BIO_nread);
 
 int
 BIO_nwrite0(BIO *bio, char **buf)
@@ -867,6 +874,7 @@ BIO_nwrite0(BIO *bio, char **buf)
 	else
 		return (int) ret;
 }
+LCRYPTO_ALIAS(BIO_nwrite0);
 
 int
 BIO_nwrite(BIO *bio, char **buf, int num)
@@ -883,3 +891,4 @@ BIO_nwrite(BIO *bio, char **buf, int num)
 		bio->num_write += ret;
 	return ret;
 }
+LCRYPTO_ALIAS(BIO_nwrite);

lib/libcrypto/bio/bss_conn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_conn.c,v 1.37 2022/01/14 08:40:57 tb Exp $ */
+/* $OpenBSD: bss_conn.c,v 1.38 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -309,6 +309,7 @@ BIO_CONNECT_new(void)
 	memset((char *)&ret->them, 0, sizeof(ret->them));
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_CONNECT_new);
 
 void
 BIO_CONNECT_free(BIO_CONNECT *a)
@@ -320,12 +321,14 @@ BIO_CONNECT_free(BIO_CONNECT *a)
 	free(a->param_port);
 	free(a);
 }
+LCRYPTO_ALIAS(BIO_CONNECT_free);
 
 const BIO_METHOD *
 BIO_s_connect(void)
 {
 	return (&methods_connectp);
 }
+LCRYPTO_ALIAS(BIO_s_connect);
 
 static int
 conn_new(BIO *bi)
@@ -594,4 +597,4 @@ BIO_new_connect(const char *str)
 		return (NULL);
 	}
 }
-
+LCRYPTO_ALIAS(BIO_new_connect);

lib/libcrypto/bio/bss_dgram.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_dgram.c,v 1.44 2022/12/26 07:18:51 jmc Exp $ */
+/* $OpenBSD: bss_dgram.c,v 1.45 2023/07/05 21:23:37 beck Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -119,6 +119,7 @@ BIO_s_datagram(void)
 {
 	return (&methods_dgramp);
 }
+LCRYPTO_ALIAS(BIO_s_datagram);
 
 BIO *
 BIO_new_dgram(int fd, int close_flag)
@@ -131,6 +132,7 @@ BIO_new_dgram(int fd, int close_flag)
 	BIO_set_fd(ret, fd, close_flag);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_new_dgram);
 
 static int
 dgram_new(BIO *bi)
@@ -656,5 +658,6 @@ BIO_dgram_non_fatal_error(int err)
 	}
 	return (0);
 }
+LCRYPTO_ALIAS(BIO_dgram_non_fatal_error);
 
 #endif

lib/libcrypto/bio/bss_fd.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_fd.c,v 1.20 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_fd.c,v 1.21 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -93,6 +93,7 @@ BIO_s_fd(void)
 {
 	return (&methods_fdp);
 }
+LCRYPTO_ALIAS(BIO_s_fd);
 
 BIO *
 BIO_new_fd(int fd, int close_flag)
@@ -104,6 +105,7 @@ BIO_new_fd(int fd, int close_flag)
 	BIO_set_fd(ret, fd, close_flag);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_new_fd);
 
 static int
 fd_new(BIO *bi)
@@ -251,6 +253,7 @@ BIO_fd_should_retry(int i)
 	}
 	return (0);
 }
+LCRYPTO_ALIAS(BIO_fd_should_retry);
 
 int
 BIO_fd_non_fatal_error(int err)
@@ -267,3 +270,4 @@ BIO_fd_non_fatal_error(int err)
 	}
 	return (0);
 }
+LCRYPTO_ALIAS(BIO_fd_non_fatal_error);

lib/libcrypto/bio/bss_file.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_file.c,v 1.34 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_file.c,v 1.35 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -137,6 +137,7 @@ BIO_new_file(const char *filename, const char *mode)
 	BIO_set_fp(ret, file, BIO_CLOSE);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_new_file);
 
 BIO *
 BIO_new_fp(FILE *stream, int close_flag)
@@ -149,12 +150,14 @@ BIO_new_fp(FILE *stream, int close_flag)
 	BIO_set_fp(ret, stream, close_flag);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_new_fp);
 
 const BIO_METHOD *
 BIO_s_file(void)
 {
 	return (&methods_filep);
 }
+LCRYPTO_ALIAS(BIO_s_file);
 
 static int
 file_new(BIO *bi)

lib/libcrypto/bio/bss_log.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_log.c,v 1.23 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_log.c,v 1.24 2023/07/05 21:23:37 beck Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -98,6 +98,7 @@ BIO_s_log(void)
 {
 	return (&methods_slg);
 }
+LCRYPTO_ALIAS(BIO_s_log);
 
 static int
 slg_new(BIO *bi)

lib/libcrypto/bio/bss_mem.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_mem.c,v 1.21 2022/02/19 15:59:12 jsing Exp $ */
+/* $OpenBSD: bss_mem.c,v 1.22 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -117,6 +117,7 @@ BIO_s_mem(void)
 {
 	return &mem_method;
 }
+LCRYPTO_ALIAS(BIO_s_mem);
 
 BIO *
 BIO_new_mem_buf(const void *buf, int buf_len)
@@ -148,6 +149,7 @@ BIO_new_mem_buf(const void *buf, int buf_len)
 
 	return bio;
 }
+LCRYPTO_ALIAS(BIO_new_mem_buf);
 
 static int
 mem_new(BIO *bio)

lib/libcrypto/bio/bss_null.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_null.c,v 1.12 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_null.c,v 1.13 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -89,6 +89,7 @@ BIO_s_null(void)
 {
 	return (&null_method);
 }
+LCRYPTO_ALIAS(BIO_s_null);
 
 static int
 null_new(BIO *bi)

lib/libcrypto/bio/bss_sock.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bss_sock.c,v 1.25 2022/01/07 09:02:17 tb Exp $ */
+/* $OpenBSD: bss_sock.c,v 1.26 2023/07/05 21:23:37 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -91,6 +91,7 @@ BIO_s_socket(void)
 {
 	return (&methods_sockp);
 }
+LCRYPTO_ALIAS(BIO_s_socket);
 
 BIO *
 BIO_new_socket(int fd, int close_flag)
@@ -103,6 +104,7 @@ BIO_new_socket(int fd, int close_flag)
 	BIO_set_fd(ret, fd, close_flag);
 	return (ret);
 }
+LCRYPTO_ALIAS(BIO_new_socket);
 
 static int
 sock_new(BIO *bi)
@@ -222,6 +224,7 @@ BIO_sock_should_retry(int i)
 	}
 	return (0);
 }
+LCRYPTO_ALIAS(BIO_sock_should_retry);
 
 int
 BIO_sock_non_fatal_error(int err)
@@ -238,4 +241,4 @@ BIO_sock_non_fatal_error(int err)
 	}
 	return (0);
 }
-
+LCRYPTO_ALIAS(BIO_sock_non_fatal_error);

lib/libcrypto/bn/bn_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.24 2023/06/24 16:01:43 jsing Exp $ */
+/* $OpenBSD: bn_local.h,v 1.25 2023/07/06 14:37:39 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -323,5 +323,9 @@ int bn_is_perfect_square(int *out_perfect, const BIGNUM *n, BN_CTX *ctx);
 
 int bn_is_prime_bpsw(int *is_prime, const BIGNUM *n, BN_CTX *ctx, size_t rounds);
 
+int bn_printf(BIO *bio, const BIGNUM *bn, int indent, const char *fmt, ...)
+    __attribute__((__format__ (printf, 4, 5)))
+    __attribute__((__nonnull__ (4)));
+
 __END_HIDDEN_DECLS
 #endif /* !HEADER_BN_LOCAL_H */

lib/libcrypto/bn/bn_print.c

@@ -0,0 +1,147 @@
+/*	$OpenBSD: bn_print.c,v 1.40 2023/07/06 14:37:39 tb Exp $ */
+
+/*
+ * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <ctype.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+
+#include "bytestring.h"
+
+static int
+bn_print_zero(BIO *bio, const BIGNUM *bn)
+{
+	if (!BN_is_zero(bn))
+		return 0;
+	if (BIO_printf(bio, " 0\n") <= 0)
+		return 0;
+	return 1;
+}
+
+static int
+bn_print_word(BIO *bio, const BIGNUM *bn)
+{
+	BN_ULONG word;
+	const char *neg = "";
+
+	if (BN_is_zero(bn) || BN_num_bytes(bn) > BN_BYTES)
+		return 0;
+
+	if (BN_is_negative(bn))
+		neg = "-";
+
+	word = BN_get_word(bn);
+	if (BIO_printf(bio, " %s%lu (%s0x%lx)\n", neg, word, neg, word) <= 0)
+		return 0;
+
+	return 1;
+}
+
+static int
+bn_print_bignum(BIO *bio, const BIGNUM *bn, int indent)
+{
+	CBS cbs;
+	char *hex = NULL;
+	size_t hex_len = 0;
+	size_t octets = 0;
+	uint8_t hi, lo;
+	const char *sep = ":";
+	int ret = 0;
+
+	if (BN_num_bytes(bn) <= BN_BYTES)
+		goto err;
+
+	/* Secondary indent is 4 spaces, capped at 128. */
+	if (indent > INT_MAX - 4)
+		goto err;
+	indent += 4;
+	if (indent > 128)
+		indent = 128;
+	if (indent < 0)
+		indent = 0;
+
+	if ((hex = BN_bn2hex(bn)) == NULL)
+		goto err;
+	hex_len = strlen(hex);
+
+	CBS_init(&cbs, hex, hex_len);
+
+	if (BN_is_negative(bn)) {
+		if (BIO_printf(bio, " (Negative)") <= 0)
+			goto err;
+		if (!CBS_skip(&cbs, 1))
+			goto err;
+	}
+
+	while (CBS_len(&cbs) > 0) {
+		if (!CBS_get_u8(&cbs, &hi))
+			goto err;
+		if (!CBS_get_u8(&cbs, &lo))
+			goto err;
+		if (octets++ % 15 == 0) {
+			if (BIO_printf(bio, "\n%*s", indent, "") <= 0)
+				goto err;
+		}
+		if (CBS_len(&cbs) == 0)
+			sep = "";
+		if (BIO_printf(bio, "%c%c%s", tolower(hi), tolower(lo), sep) <= 0)
+			goto err;
+	}
+
+	if (BIO_printf(bio, "\n") <= 0)
+		goto err;
+
+	ret = 1;
+
+ err:
+	freezero(hex, hex_len);
+
+	return ret;
+}
+
+int
+bn_printf(BIO *bio, const BIGNUM *bn, int indent, const char *fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	if (bn == NULL)
+		return 1;
+
+	if (!BIO_indent(bio, indent, 128))
+		return 0;
+
+	va_start(ap, fmt);
+	rv = BIO_vprintf(bio, fmt, ap);
+	va_end(ap);
+	if (rv < 0)
+		return 0;
+
+	if (BN_is_zero(bn))
+		return bn_print_zero(bio, bn);
+
+	if (BN_num_bytes(bn) <= BN_BYTES)
+		return bn_print_word(bio, bn);
+
+	return bn_print_bignum(bio, bn, indent);
+}

lib/libcrypto/bn/bn_sqr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqr.c,v 1.34 2023/06/24 17:06:54 jsing Exp $ */
+/* $OpenBSD: bn_sqr.c,v 1.35 2023/07/02 13:11:23 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -160,41 +160,45 @@ bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 }
 #endif
 
-#ifndef HAVE_BN_SQR_WORDS
+#ifndef HAVE_BN_SQR
 /*
- * bn_sqr_words() computes (r[i*2+1]:r[i*2]) = a[i] * a[i].
+ * bn_sqr_add_words() computes (r[i*2+1]:r[i*2]) = (r[i*2+1]:r[i*2]) + a[i] * a[i].
  */
-void
-bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+static void
+bn_sqr_add_words(BN_ULONG *r, const BN_ULONG *a, int n)
 {
+	BN_ULONG x3, x2, x1, x0;
+	BN_ULONG carry = 0;
+
 	assert(n >= 0);
 	if (n <= 0)
 		return;
 
-#ifndef OPENSSL_SMALL_FOOTPRINT
 	while (n & ~3) {
-		bn_mulw(a[0], a[0], &r[1], &r[0]);
-		bn_mulw(a[1], a[1], &r[3], &r[2]);
-		bn_mulw(a[2], a[2], &r[5], &r[4]);
-		bn_mulw(a[3], a[3], &r[7], &r[6]);
+		bn_mulw(a[0], a[0], &x1, &x0);
+		bn_mulw(a[1], a[1], &x3, &x2);
+		bn_qwaddqw(x3, x2, x1, x0, r[3], r[2], r[1], r[0], carry,
+		    &carry, &r[3], &r[2], &r[1], &r[0]);
+		bn_mulw(a[2], a[2], &x1, &x0);
+		bn_mulw(a[3], a[3], &x3, &x2);
+		bn_qwaddqw(x3, x2, x1, x0, r[7], r[6], r[5], r[4], carry,
+		    &carry, &r[7], &r[6], &r[5], &r[4]);
+
 		a += 4;
 		r += 8;
 		n -= 4;
 	}
-#endif
 	while (n) {
-		bn_mulw(a[0], a[0], &r[1], &r[0]);
+		bn_mulw_addw_addw(a[0], a[0], r[0], carry, &carry, &r[0]);
+		bn_addw(r[1], carry, &carry, &r[1]);
 		a++;
 		r += 2;
 		n--;
 	}
 }
-#endif
 
-#ifndef HAVE_BN_SQR
 static void
-bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len,
-    BN_ULONG *tmp)
+bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len)
 {
 	const BN_ULONG *ap;
 	BN_ULONG *rp;
@@ -234,8 +238,7 @@ bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len,
 	bn_add_words(r, r, r, r_len);
 
 	/* Add squares. */
-	bn_sqr_words(tmp, a, a_len);
-	bn_add_words(r, r, tmp, r_len);
+	bn_sqr_add_words(r, a, a_len);
 }
 
 /*
@@ -246,24 +249,9 @@ bn_sqr_normal(BN_ULONG *r, int r_len, const BN_ULONG *a, int a_len,
 int
 bn_sqr(BIGNUM *r, const BIGNUM *a, int r_len, BN_CTX *ctx)
 {
-	BIGNUM *tmp;
-	int ret = 0;
+	bn_sqr_normal(r->d, r_len, a->d, a->top);
 
-	BN_CTX_start(ctx);
-
-	if ((tmp = BN_CTX_get(ctx)) == NULL)
-		goto err;
-	if (!bn_wexpand(tmp, r_len))
-		goto err;
-
-	bn_sqr_normal(r->d, r_len, a->d, a->top, tmp->d);
-
-	ret = 1;
-
- err:
-	BN_CTX_end(ctx);
-
-	return ret;
+	return 1;
 }
 #endif
 

lib/libcrypto/chacha/chacha.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha.c,v 1.9 2022/08/20 18:44:58 jsing Exp $ */
+/* $OpenBSD: chacha.c,v 1.10 2023/07/05 16:17:20 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -27,6 +27,7 @@ ChaCha_set_key(ChaCha_ctx *ctx, const unsigned char *key, uint32_t keybits)
 	chacha_keysetup((chacha_ctx *)ctx, key, keybits);
 	ctx->unused = 0;
 }
+LCRYPTO_ALIAS(ChaCha_set_key);
 
 void
 ChaCha_set_iv(ChaCha_ctx *ctx, const unsigned char *iv,
@@ -35,6 +36,7 @@ ChaCha_set_iv(ChaCha_ctx *ctx, const unsigned char *iv,
 	chacha_ivsetup((chacha_ctx *)ctx, iv, counter);
 	ctx->unused = 0;
 }
+LCRYPTO_ALIAS(ChaCha_set_iv);
 
 void
 ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len)
@@ -64,6 +66,7 @@ ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len)
 		len -= n;
 	}
 }
+LCRYPTO_ALIAS(ChaCha);
 
 void
 CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
@@ -95,6 +98,7 @@ CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len,
 		len -= n;
 	}
 }
+LCRYPTO_ALIAS(CRYPTO_chacha_20);
 
 void
 CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len,
@@ -105,3 +109,4 @@ CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len,
 	CRYPTO_hchacha_20(subkey, key, iv);
 	CRYPTO_chacha_20(out, in, len, subkey, iv + 16, 0);
 }
+LCRYPTO_ALIAS(CRYPTO_xchacha_20);

lib/libcrypto/crypto.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.60 2023/04/30 17:07:46 tb Exp $ */
+/* $OpenBSD: crypto.h,v 1.62 2023/07/05 13:06:06 bcook Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -487,7 +487,15 @@ int CRYPTO_mem_leaks(struct bio_st *bio);
 typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
 int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 
-/* die if we have to */
+/*
+ * Because this is a public header, use a portable method of indicating the
+ * function does not return, rather than __dead.
+ */
+#ifdef _MSC_VER
+__declspec(noreturn)
+#else
+__attribute__((__noreturn__))
+#endif
 void OpenSSLDie(const char *file, int line, const char *assertion);
 #define OPENSSL_assert(e)       (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1))
 
@@ -509,26 +517,6 @@ void OPENSSL_init(void);
 int CRYPTO_memcmp(const void *a, const void *b, size_t len);
 #endif
 
-void ERR_load_CRYPTO_strings(void);
-
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
-#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
-#define CRYPTO_F_DEF_ADD_INDEX				 104
-#define CRYPTO_F_DEF_GET_CLASS				 105
-#define CRYPTO_F_FIPS_MODE_SET				 109
-#define CRYPTO_F_INT_DUP_EX_DATA			 106
-#define CRYPTO_F_INT_FREE_EX_DATA			 107
-#define CRYPTO_F_INT_NEW_EX_DATA			 108
-
-/* Reason codes. */
-#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED		 101
-#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
-
 /*
  * OpenSSL compatible OPENSSL_INIT options.
  */
@@ -564,6 +552,26 @@ void ERR_load_CRYPTO_strings(void);
 int OPENSSL_init_crypto(uint64_t opts, const void *settings);
 void OPENSSL_cleanup(void);
 
+void ERR_load_CRYPTO_strings(void);
+
+/* Error codes for the CRYPTO functions. */
+
+/* Function codes. */
+#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
+#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103
+#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
+#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
+#define CRYPTO_F_DEF_ADD_INDEX				 104
+#define CRYPTO_F_DEF_GET_CLASS				 105
+#define CRYPTO_F_FIPS_MODE_SET				 109
+#define CRYPTO_F_INT_DUP_EX_DATA			 106
+#define CRYPTO_F_INT_FREE_EX_DATA			 107
+#define CRYPTO_F_INT_NEW_EX_DATA			 108
+
+/* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED		 101
+#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
+
 #ifdef  __cplusplus
 }
 #endif

lib/libcrypto/crypto_init.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: crypto_init.c,v 1.9 2023/06/19 18:32:05 tb Exp $ */
+/*	$OpenBSD: crypto_init.c,v 1.10 2023/07/02 19:52:01 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  *
@@ -20,6 +20,7 @@
 #include <pthread.h>
 #include <stdio.h>
 
+#include <openssl/asn1.h>
 #include <openssl/conf.h>
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
@@ -27,6 +28,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include <openssl/x509v3.h>
 
 #include "cryptlib.h"
 #include "x509_issuer_cache.h"
@@ -85,6 +87,13 @@ OPENSSL_cleanup(void)
 	ENGINE_cleanup();
 #endif
 	EVP_cleanup();
+
+	ASN1_STRING_TABLE_cleanup();
+	X509V3_EXT_cleanup();
+	X509_PURPOSE_cleanup();
+	X509_TRUST_cleanup();
+	X509_VERIFY_PARAM_table_cleanup();
+
 	x509_issuer_cache_free();
 
 	crypto_init_cleaned_up = 1;

lib/libcrypto/ec/ec.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec.h,v 1.41 2023/04/27 07:10:05 tb Exp $ */
+/* $OpenBSD: ec.h,v 1.42 2023/07/05 17:10:10 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -606,6 +606,7 @@ void ERR_load_EC_strings(void);
 /* Reason codes. */
 #define EC_R_ASN1_ERROR					 115
 #define EC_R_ASN1_UNKNOWN_FIELD				 116
+#define EC_R_BAD_SIGNATURE				 166
 #define EC_R_BIGNUM_OUT_OF_RANGE			 144
 #define EC_R_BUFFER_TOO_SMALL				 100
 #define EC_R_COORDINATES_OUT_OF_RANGE			 146
@@ -633,10 +634,13 @@ void ERR_load_EC_strings(void);
 #define EC_R_INVALID_PENTANOMIAL_BASIS			 132
 #define EC_R_INVALID_PRIVATE_KEY			 123
 #define EC_R_INVALID_TRINOMIAL_BASIS			 137
+#define EC_R_KDF_FAILED					 167
 #define EC_R_KDF_PARAMETER_ERROR			 148
+#define EC_R_KEY_TRUNCATION				 168
 #define EC_R_KEYS_NOT_SET				 140
 #define EC_R_MISSING_PARAMETERS				 124
 #define EC_R_MISSING_PRIVATE_KEY			 125
+#define EC_R_NEED_NEW_SETUP_VALUES			 170
 #define EC_R_NOT_A_NIST_PRIME				 135
 #define EC_R_NOT_A_SUPPORTED_NIST_PRIME			 136
 #define EC_R_NOT_IMPLEMENTED				 126
@@ -647,6 +651,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_PEER_KEY_ERROR				 149
 #define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
 #define EC_R_POINT_AT_INFINITY				 106
+#define EC_R_POINT_ARITHMETIC_FAILURE			 169
 #define EC_R_POINT_IS_NOT_ON_CURVE			 107
 #define EC_R_SHARED_INFO_ERROR				 150
 #define EC_R_SLOT_FULL					 108

lib/libcrypto/ec/ec_ameth.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_ameth.c,v 1.38 2023/03/07 07:01:35 tb Exp $ */
+/* $OpenBSD: ec_ameth.c,v 1.40 2023/07/03 09:25:44 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -367,23 +367,12 @@ int_ec_size(const EVP_PKEY *pkey)
 static int
 ec_bits(const EVP_PKEY *pkey)
 {
-	BIGNUM *order = BN_new();
 	const EC_GROUP *group;
-	int ret;
 
-	if (!order) {
-		ERR_clear_error();
+	if ((group = EC_KEY_get0_group(pkey->pkey.ec)) == NULL)
 		return 0;
-	}
-	group = EC_KEY_get0_group(pkey->pkey.ec);
-	if (!EC_GROUP_get_order(group, order, NULL)) {
-		BN_free(order);
-		ERR_clear_error();
-		return 0;
-	}
-	ret = BN_num_bits(order);
-	BN_free(order);
-	return ret;
+
+	return EC_GROUP_order_bits(group);
 }
 
 static int
@@ -442,7 +431,7 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 	const char *ecstr;
 	size_t buf_len = 0, i;
 	int ret = 0, reason = ERR_R_BIO_LIB;
-	BIGNUM *pub_key = NULL, *order = NULL;
+	BIGNUM *pub_key = NULL;
 	BN_CTX *ctx = NULL;
 	const EC_GROUP *group;
 	const EC_POINT *public_key;
@@ -492,19 +481,13 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 
 	if (!BIO_indent(bp, off, 128))
 		goto err;
-	if ((order = BN_new()) == NULL)
-		goto err;
-	if (!EC_GROUP_get_order(group, order, NULL))
-		goto err;
 	if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
-		BN_num_bits(order)) <= 0)
+	    EC_GROUP_order_bits(group)) <= 0)
 		goto err;
 
-	if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key,
-		buffer, off))
+	if (!ASN1_bn_print(bp, "priv:", priv_key, buffer, off))
 		goto err;
-	if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key,
-		buffer, off))
+	if (!ASN1_bn_print(bp, "pub: ", pub_key, buffer, off))
 		goto err;
 	if (!ECPKParameters_print(bp, group, off))
 		goto err;
@@ -513,7 +496,6 @@ do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype)
 	if (!ret)
 		ECerror(reason);
 	BN_free(pub_key);
-	BN_free(order);
 	BN_CTX_free(ctx);
 	free(buffer);
 	return (ret);

lib/libcrypto/ec/ec_check.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_check.c,v 1.13 2023/04/11 18:58:20 jsing Exp $ */
+/* $OpenBSD: ec_check.c,v 1.14 2023/07/03 09:29:55 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -60,8 +60,8 @@ int
 EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 {
 	BN_CTX *ctx;
-	BIGNUM *order;
 	EC_POINT *point = NULL;
+	const BIGNUM *order;
 	int ret = 0;
 
 	if ((ctx = ctx_in) == NULL)
@@ -69,11 +69,6 @@ EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 	if (ctx == NULL)
 		goto err;
 
-	BN_CTX_start(ctx);
-
-	if ((order = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
 	/* check the discriminant */
 	if (!EC_GROUP_check_discriminant(group, ctx)) {
 		ECerror(EC_R_DISCRIMINANT_IS_ZERO);
@@ -91,7 +86,7 @@ EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 	/* check the order of the generator */
 	if ((point = EC_POINT_new(group)) == NULL)
 		goto err;
-	if (!EC_GROUP_get_order(group, order, ctx))
+	if ((order = EC_GROUP_get0_order(group)) == NULL)
 		goto err;
 	if (BN_is_zero(order)) {
 		ECerror(EC_R_UNDEFINED_ORDER);
@@ -107,8 +102,6 @@ EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx_in)
 	ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-
 	if (ctx != ctx_in)
 		BN_CTX_free(ctx);
 

lib/libcrypto/ec/ec_err.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_err.c,v 1.15 2022/11/19 07:00:57 tb Exp $ */
+/* $OpenBSD: ec_err.c,v 1.16 2023/07/05 17:10:10 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -74,6 +74,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
 {
 	{ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
 	{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
+	{ERR_REASON(EC_R_BAD_SIGNATURE), "bad signature"},
 	{ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
 	{ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
 	{ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"},
@@ -101,10 +102,13 @@ static ERR_STRING_DATA EC_str_reasons[] =
 	{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
 	{ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
 	{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
+	{ERR_REASON(EC_R_KDF_FAILED), "kdf failed"},
 	{ERR_REASON(EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+	{ERR_REASON(EC_R_KEY_TRUNCATION), "key would be truncated"},
 	{ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"},
 	{ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
 	{ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+	{ERR_REASON(EC_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
 	{ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
 	{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), "not a supported NIST prime"},
 	{ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
@@ -114,6 +118,7 @@ static ERR_STRING_DATA EC_str_reasons[] =
 	{ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
 	{ERR_REASON(EC_R_PEER_KEY_ERROR), "peer key error"},
 	{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), "pkparameters2group failure"},
+	{ERR_REASON(EC_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
 	{ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
 	{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
 	{ERR_REASON(EC_R_SHARED_INFO_ERROR), "shared info error"},

lib/libcrypto/ec/ec_key.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.33 2023/06/25 18:52:27 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.35 2023/07/05 08:39:40 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -241,12 +241,11 @@ EC_KEY_generate_key(EC_KEY *eckey)
 }
 
 int
-ossl_ec_key_gen(EC_KEY *eckey)
+ec_key_gen(EC_KEY *eckey)
 {
-	BN_CTX *ctx = NULL;
 	BIGNUM *priv_key = NULL;
 	EC_POINT *pub_key = NULL;
-	BIGNUM *order;
+	const BIGNUM *order;
 	int ret = 0;
 
 	if (eckey == NULL || eckey->group == NULL) {
@@ -259,19 +258,11 @@ ossl_ec_key_gen(EC_KEY *eckey)
 	if ((pub_key = EC_POINT_new(eckey->group)) == NULL)
 		goto err;
 
-	if ((ctx = BN_CTX_new()) == NULL)
-		goto err;
-
-	BN_CTX_start(ctx);
-
-	if ((order = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
-	if (!EC_GROUP_get_order(eckey->group, order, ctx))
+	if ((order = EC_GROUP_get0_order(eckey->group)) == NULL)
 		goto err;
 	if (!bn_rand_interval(priv_key, BN_value_one(), order))
 		goto err;
-	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, NULL))
 		goto err;
 
 	BN_free(eckey->priv_key);
@@ -287,8 +278,6 @@ ossl_ec_key_gen(EC_KEY *eckey)
  err:
 	EC_POINT_free(pub_key);
 	BN_free(priv_key);
-	BN_CTX_end(ctx);
-	BN_CTX_free(ctx);
 
 	return ret;
 }
@@ -298,7 +287,7 @@ EC_KEY_check_key(const EC_KEY *eckey)
 {
 	BN_CTX *ctx = NULL;
 	EC_POINT *point = NULL;
-	BIGNUM *order;
+	const BIGNUM *order;
 	int ret = 0;
 
 	if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
@@ -314,11 +303,6 @@ EC_KEY_check_key(const EC_KEY *eckey)
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
 
-	BN_CTX_start(ctx);
-
-	if ((order = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
 	if ((point = EC_POINT_new(eckey->group)) == NULL)
 		goto err;
 
@@ -329,7 +313,7 @@ EC_KEY_check_key(const EC_KEY *eckey)
 	}
 
 	/* Ensure public key multiplied by the order is the point at infinity. */
-	if (!EC_GROUP_get_order(eckey->group, order, ctx)) {
+	if ((order = EC_GROUP_get0_order(eckey->group)) == NULL) {
 		ECerror(EC_R_INVALID_GROUP_ORDER);
 		goto err;
 	}
@@ -366,7 +350,6 @@ EC_KEY_check_key(const EC_KEY *eckey)
 	ret = 1;
 
  err:
-	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
 	EC_POINT_free(point);
 

lib/libcrypto/ec/ec_kmeth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ec_kmeth.c,v 1.8 2023/06/25 18:52:27 tb Exp $	*/
+/*	$OpenBSD: ec_kmeth.c,v 1.10 2023/07/05 11:37:46 tb Exp $	*/
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -60,7 +60,7 @@
 
 #include "bn_local.h"
 #include "ec_local.h"
-#include "ecs_local.h"
+#include "ecdsa_local.h"
 
 static const EC_KEY_METHOD openssl_ec_key_method = {
 	.name = "OpenSSL EC_KEY method",
@@ -74,15 +74,15 @@ static const EC_KEY_METHOD openssl_ec_key_method = {
 	.set_private = NULL,
 	.set_public = NULL,
 
-	.keygen = ossl_ec_key_gen,
-	.compute_key = ossl_ecdh_compute_key,
+	.keygen = ec_key_gen,
+	.compute_key = ecdh_compute_key,
 
-	.sign = ossl_ecdsa_sign,
-	.sign_setup = ossl_ecdsa_sign_setup,
-	.sign_sig = ossl_ecdsa_sign_sig,
+	.sign = ecdsa_sign,
+	.sign_setup = ecdsa_sign_setup,
+	.sign_sig = ecdsa_sign_sig,
 
-	.verify = ossl_ecdsa_verify,
-	.verify_sig = ossl_ecdsa_verify_sig,
+	.verify = ecdsa_verify,
+	.verify_sig = ecdsa_verify_sig,
 };
 
 const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;

lib/libcrypto/ec/ec_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.61 2023/06/25 18:52:27 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.62 2023/07/03 07:26:40 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -357,7 +357,6 @@ EC_GROUP_get0_generator(const EC_GROUP *group)
 	return group->generator;
 }
 
-
 int
 EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
 {
@@ -367,6 +366,12 @@ EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
 	return !BN_is_zero(order);
 }
 
+const BIGNUM *
+EC_GROUP_get0_order(const EC_GROUP *group)
+{
+	return &group->order;
+}
+
 int
 EC_GROUP_order_bits(const EC_GROUP *group)
 {

lib/libcrypto/ec/ec_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.22 2023/06/27 07:31:18 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.24 2023/07/05 08:39:40 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -341,12 +341,12 @@ struct ec_key_method_st {
 
 #define EC_KEY_METHOD_DYNAMIC   1
 
-int ossl_ec_key_gen(EC_KEY *eckey);
-int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
+int ec_key_gen(EC_KEY *eckey);
+int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
     void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen));
-int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+int ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
     const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
-int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+int ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
     const ECDSA_SIG *sig, EC_KEY *eckey);
 
 /*
@@ -360,4 +360,7 @@ int EC_POINT_set_Jprojective_coordinates(const EC_GROUP *group, EC_POINT *p,
 int EC_POINT_get_Jprojective_coordinates(const EC_GROUP *group,
     const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
 
+/* Public API in OpenSSL */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
 __END_HIDDEN_DECLS

lib/libcrypto/ec/eck_prn.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: eck_prn.c,v 1.21 2023/06/27 07:32:29 tb Exp $ */
+/* $OpenBSD: eck_prn.c,v 1.27 2023/07/06 15:18:02 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -69,6 +69,8 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
+#include "ec_local.h"
+
 int
 ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
 {
@@ -157,155 +159,156 @@ static int
 print_bin(BIO *fp, const char *str, const unsigned char *num,
     size_t len, int off);
 
-int
-ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+static int
+ecpk_print_asn1_parameters(BIO *bp, const EC_GROUP *group, int off)
 {
-	unsigned char *buffer = NULL;
-	size_t buf_len = 0, i;
-	int ret = 0, reason = ERR_R_BIO_LIB;
+	const char *nist_name;
 	int nid;
-	BN_CTX *ctx = NULL;
-	const EC_POINT *point = NULL;
-	BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, *order = NULL,
-	*cofactor = NULL;
-	const unsigned char *seed;
-	size_t seed_len = 0;
-	const char *nname;
+	int ret = 0;
 
-	static const char *gen_compressed = "Generator (compressed):";
-	static const char *gen_uncompressed = "Generator (uncompressed):";
-	static const char *gen_hybrid = "Generator (hybrid):";
-
-	if (!x) {
-		reason = ERR_R_PASSED_NULL_PARAMETER;
+	if (!BIO_indent(bp, off, 128)) {
+		ECerror(ERR_R_BIO_LIB);
 		goto err;
 	}
-	ctx = BN_CTX_new();
-	if (ctx == NULL) {
-		reason = ERR_R_MALLOC_FAILURE;
+
+	if ((nid = EC_GROUP_get_curve_name(group)) == NID_undef) {
+		ECerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
-	if (EC_GROUP_get_asn1_flag(x)) {
-		/* the curve parameter are given by an asn1 OID */
-		if (!BIO_indent(bp, off, 128))
-			goto err;
 
-		nid = EC_GROUP_get_curve_name(x);
-		if (nid == 0)
-			goto err;
-
-		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-		if (BIO_printf(bp, "\n") <= 0)
-			goto err;
-
-		nname = EC_curve_nid2nist(nid);
-		if (nname) {
-			if (!BIO_indent(bp, off, 128))
-				goto err;
-			if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
-				goto err;
-		}
-	} else {
-		/* explicit parameters */
-		point_conversion_form_t form;
-
-		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-		    (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-		    (cofactor = BN_new()) == NULL) {
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-		}
-		if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-
-		if ((point = EC_GROUP_get0_generator(x)) == NULL) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-		if (!EC_GROUP_get_order(x, order, NULL) ||
-		    !EC_GROUP_get_cofactor(x, cofactor, NULL)) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-		form = EC_GROUP_get_point_conversion_form(x);
-
-		if ((gen = EC_POINT_point2bn(x, point,
-			    form, NULL, ctx)) == NULL) {
-			reason = ERR_R_EC_LIB;
-			goto err;
-		}
-		buf_len = (size_t) BN_num_bytes(p);
-		if (buf_len < (i = (size_t) BN_num_bytes(a)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(b)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(gen)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(order)))
-			buf_len = i;
-		if (buf_len < (i = (size_t) BN_num_bytes(cofactor)))
-			buf_len = i;
-
-		if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-			seed_len = EC_GROUP_get_seed_len(x);
-
-		buf_len += 10;
-		if ((buffer = malloc(buf_len)) == NULL) {
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-		}
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-		/* print the 'short name' of the field type */
-		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-
-		if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off))
-			goto err;
-		if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, buffer, off))
-			goto err;
-		if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, buffer, off))
-			goto err;
-		if (form == POINT_CONVERSION_COMPRESSED) {
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
-				buffer, off))
-				goto err;
-		} else if (form == POINT_CONVERSION_UNCOMPRESSED) {
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
-				buffer, off))
-				goto err;
-		} else {	/* form == POINT_CONVERSION_HYBRID */
-			if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
-				buffer, off))
-				goto err;
-		}
-		if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
-			buffer, off))
-			goto err;
-		if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
-			buffer, off))
-			goto err;
-		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-			goto err;
+	if (BIO_printf(bp, "ASN1 OID: %s\n", OBJ_nid2sn(nid)) <= 0) {
+		ECerror(ERR_R_BIO_LIB);
+		goto err;
 	}
+
+	if ((nist_name = EC_curve_nid2nist(nid)) != NULL) {
+		if (!BIO_indent(bp, off, 128)) {
+			ECerror(ERR_R_BIO_LIB);
+			goto err;
+		}
+		if (BIO_printf(bp, "NIST CURVE: %s\n", nist_name) <= 0) {
+			ECerror(ERR_R_BIO_LIB);
+			goto err;
+		}
+	}
+
 	ret = 1;
  err:
-	if (!ret)
-		ECerror(reason);
-	BN_free(p);
-	BN_free(a);
-	BN_free(b);
-	BN_free(gen);
-	BN_free(order);
-	BN_free(cofactor);
+
+	return ret;
+}
+
+static int
+ecpk_print_explicit_parameters(BIO *bp, const EC_GROUP *group, int off)
+{
+	BN_CTX *ctx = NULL;
+	const BIGNUM *order;
+	BIGNUM *p, *a, *b, *cofactor;
+	BIGNUM *gen = NULL;
+	const EC_POINT *generator;
+	const char *conversion_form;
+	const unsigned char *seed;
+	size_t seed_len;
+	point_conversion_form_t form;
+	int nid;
+	int ret = 0;
+
+	if ((ctx = BN_CTX_new()) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	BN_CTX_start(ctx);
+
+	if ((p = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((a = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((b = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((cofactor = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((gen = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if ((order = EC_GROUP_get0_order(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+
+	if ((generator = EC_GROUP_get0_generator(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	form = EC_GROUP_get_point_conversion_form(group);
+	if (EC_POINT_point2bn(group, generator, form, gen, ctx) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+
+	if (!BIO_indent(bp, off, 128))
+		goto err;
+
+	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+	if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(nid)) <= 0)
+		goto err;
+
+	if (!bn_printf(bp, p, off, "Prime:"))
+		goto err;
+	if (!bn_printf(bp, a, off, "A:   "))
+		goto err;
+	if (!bn_printf(bp, b, off, "B:   "))
+		goto err;
+
+	if (form == POINT_CONVERSION_COMPRESSED)
+		conversion_form = "compressed";
+	else if (form == POINT_CONVERSION_UNCOMPRESSED)
+		conversion_form = "uncompressed";
+	else if (form == POINT_CONVERSION_HYBRID)
+		conversion_form = "hybrid";
+	else
+		conversion_form = "unknown";
+	if (!bn_printf(bp, gen, off, "Generator (%s):", conversion_form))
+		goto err;
+
+	if (!bn_printf(bp, order, off, "Order: "))
+		goto err;
+	if (!bn_printf(bp, cofactor, off, "Cofactor: "))
+		goto err;
+	if ((seed = EC_GROUP_get0_seed(group)) != NULL) {
+		seed_len = EC_GROUP_get_seed_len(group);
+		if (!print_bin(bp, "Seed:", seed, seed_len, off))
+			goto err;
+	}
+
+	ret = 1;
+ err:
+	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
-	free(buffer);
-	return (ret);
+
+	return ret;
+}
+
+int
+ECPKParameters_print(BIO *bp, const EC_GROUP *group, int off)
+{
+	if (group == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+	}
+
+	if (EC_GROUP_get_asn1_flag(group))
+		return ecpk_print_asn1_parameters(bp, group, off);
+
+	return ecpk_print_explicit_parameters(bp, group, off);
 }
 
 static int

lib/libcrypto/ec/ecp_smpl.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_smpl.c,v 1.44 2023/04/11 18:58:20 jsing Exp $ */
+/* $OpenBSD: ecp_smpl.c,v 1.45 2023/06/30 18:19:35 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -162,7 +162,7 @@ ec_GFp_simple_group_set_curve(EC_GROUP *group,
 
  err:
 	BN_CTX_end(ctx);
-	
+
 	return ret;
 }
 

lib/libcrypto/ec/ecx_methods.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ecx_methods.c,v 1.5 2023/03/15 06:34:07 tb Exp $ */
+/*	$OpenBSD: ecx_methods.c,v 1.7 2023/07/05 20:56:29 bcook Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  *
@@ -486,7 +486,7 @@ ecx_free(EVP_PKEY *pkey)
 {
 	struct ecx_key_st *ecx_key = pkey->pkey.ecx;
 
-	return ecx_key_free(ecx_key);
+	ecx_key_free(ecx_key);
 }
 
 static int
@@ -683,11 +683,11 @@ ecx_item_verify(EVP_MD_CTX *md_ctx, const ASN1_ITEM *it, void *asn,
 
 	if (nid != NID_ED25519 || param_type != V_ASN1_UNDEF) {
 		ECerror(EC_R_INVALID_ENCODING);
-		return 0;
+		return -1;
 	}
 
 	if (!EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, pkey))
-		return 0;
+		return -1;
 
 	return 2;
 }
@@ -757,9 +757,9 @@ pkey_ecx_digestverify(EVP_MD_CTX *md_ctx, const unsigned char *sig,
 	ecx_key = pkey_ctx->pkey->pkey.ecx;
 
 	if (ecx_key == NULL || ecx_key->pub_key == NULL)
-		return 0;
+		return -1;
 	if (sig_len != ecx_sig_size(pkey_ctx->pkey))
-		return 0;
+		return -1;
 
 	return ED25519_verify(message, message_len, sig, ecx_key->pub_key);
 }

lib/libcrypto/ecdh/ecdh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_key.c,v 1.19 2023/06/25 19:35:56 tb Exp $ */
+/* $OpenBSD: ecdh.c,v 1.3 2023/07/05 17:10:10 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -68,123 +68,189 @@
  */
 
 #include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include <openssl/opensslconf.h>
 
 #include <openssl/bn.h>
+#include <openssl/ec.h>
 #include <openssl/ecdh.h>
 #include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/sha.h>
+#include <openssl/evp.h>
 
 #include "ec_local.h"
 
 /*
- * This implementation is based on the following primitives in the IEEE 1363
- * standard:
- *  - ECKAS-DH1
- *  - ECSVDP-DH
- * Finally an optional KDF is applied.
+ * Key derivation function from X9.63/SECG.
  */
+
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX	(1 << 30)
+
 int
-ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-    EC_KEY *ecdh,
+ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z,
+    size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md)
+{
+	EVP_MD_CTX *mctx = NULL;
+	unsigned int i;
+	size_t mdlen;
+	unsigned char ctr[4];
+	int rv = 0;
+
+	if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX ||
+	    Zlen > ECDH_KDF_MAX)
+		return 0;
+	mctx = EVP_MD_CTX_new();
+	if (mctx == NULL)
+		return 0;
+	mdlen = EVP_MD_size(md);
+	for (i = 1;; i++) {
+		unsigned char mtmp[EVP_MAX_MD_SIZE];
+		if (!EVP_DigestInit_ex(mctx, md, NULL))
+			goto err;
+		ctr[3] = i & 0xFF;
+		ctr[2] = (i >> 8) & 0xFF;
+		ctr[1] = (i >> 16) & 0xFF;
+		ctr[0] = (i >> 24) & 0xFF;
+		if (!EVP_DigestUpdate(mctx, Z, Zlen))
+			goto err;
+		if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+			goto err;
+		if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+			goto err;
+		if (outlen >= mdlen) {
+			if (!EVP_DigestFinal(mctx, out, NULL))
+				goto err;
+			outlen -= mdlen;
+			if (outlen == 0)
+				break;
+			out += mdlen;
+		} else {
+			if (!EVP_DigestFinal(mctx, mtmp, NULL))
+				goto err;
+			memcpy(out, mtmp, outlen);
+			explicit_bzero(mtmp, mdlen);
+			break;
+		}
+	}
+	rv = 1;
+
+ err:
+	EVP_MD_CTX_free(mctx);
+
+	return rv;
+}
+
+/*
+ * Based on the ECKAS-DH1 and ECSVDP-DH primitives in the IEEE 1363 standard.
+ */
+/* XXX - KDF handling moved to ECDH_compute_key().  See OpenSSL e2285d87. */
+int
+ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh,
     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 {
 	BN_CTX *ctx;
-	EC_POINT *tmp = NULL;
-	BIGNUM *x = NULL, *y = NULL;
+	BIGNUM *cofactor, *x;
 	const BIGNUM *priv_key;
-	const EC_GROUP* group;
-	int ret = -1;
-	size_t buflen, len;
+	const EC_GROUP *group;
+	EC_POINT *point = NULL;
 	unsigned char *buf = NULL;
+	int buflen;
+	int ret = -1;
 
 	if (outlen > INT_MAX) {
 		/* Sort of, anyway. */
-		ECDHerror(ERR_R_MALLOC_FAILURE);
+		ECerror(ERR_R_MALLOC_FAILURE);
 		return -1;
 	}
 
 	if ((ctx = BN_CTX_new()) == NULL)
 		goto err;
+
 	BN_CTX_start(ctx);
+
 	if ((x = BN_CTX_get(ctx)) == NULL)
 		goto err;
-	if ((y = BN_CTX_get(ctx)) == NULL)
+	if ((cofactor = BN_CTX_get(ctx)) == NULL)
 		goto err;
 
-	priv_key = EC_KEY_get0_private_key(ecdh);
-	if (priv_key == NULL) {
-		ECDHerror(ECDH_R_NO_PRIVATE_VALUE);
+	if ((group = EC_KEY_get0_group(ecdh)) == NULL)
 		goto err;
-	}
-
-	group = EC_KEY_get0_group(ecdh);
 
 	if (!EC_POINT_is_on_curve(group, pub_key, ctx))
 		goto err;
 
-	if ((tmp = EC_POINT_new(group)) == NULL) {
-		ECDHerror(ERR_R_MALLOC_FAILURE);
+	if ((point = EC_POINT_new(group)) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
-	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
-		ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
+	if ((priv_key = EC_KEY_get0_private_key(ecdh)) == NULL) {
+		ECerror(EC_R_MISSING_PRIVATE_KEY);
 		goto err;
 	}
 
-	if (!EC_POINT_get_affine_coordinates(group, tmp, x, y, ctx)) {
-		ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE);
+	if ((EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) != 0) {
+		if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
+			ECerror(ERR_R_EC_LIB);
+			goto err;
+		}
+		if (!BN_mul(cofactor, cofactor, priv_key, ctx)) {
+			ECerror(ERR_R_BN_LIB);
+			goto err;
+		}
+		priv_key = cofactor;
+	}
+
+	if (!EC_POINT_mul(group, point, NULL, pub_key, priv_key, ctx)) {
+		ECerror(EC_R_POINT_ARITHMETIC_FAILURE);
 		goto err;
 	}
 
-	buflen = ECDH_size(ecdh);
-	len = BN_num_bytes(x);
-	if (len > buflen) {
-		ECDHerror(ERR_R_INTERNAL_ERROR);
+	if (!EC_POINT_get_affine_coordinates(group, point, x, NULL, ctx)) {
+		ECerror(EC_R_POINT_ARITHMETIC_FAILURE);
+		goto err;
+	}
+
+	if ((buflen = ECDH_size(ecdh)) < BN_num_bytes(x)) {
+		ECerror(ERR_R_INTERNAL_ERROR);
 		goto err;
 	}
 	if (KDF == NULL && outlen < buflen) {
 		/* The resulting key would be truncated. */
-		ECDHerror(ECDH_R_KEY_TRUNCATION);
+		ECerror(EC_R_KEY_TRUNCATION);
 		goto err;
 	}
 	if ((buf = malloc(buflen)) == NULL) {
-		ECDHerror(ERR_R_MALLOC_FAILURE);
+		ECerror(ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
-
-	memset(buf, 0, buflen - len);
-	if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
-		ECDHerror(ERR_R_BN_LIB);
+	if (BN_bn2binpad(x, buf, buflen) != buflen) {
+		ECerror(ERR_R_BN_LIB);
 		goto err;
 	}
 
 	if (KDF != NULL) {
 		if (KDF(buf, buflen, out, &outlen) == NULL) {
-			ECDHerror(ECDH_R_KDF_FAILED);
+			ECerror(EC_R_KDF_FAILED);
 			goto err;
 		}
-		ret = outlen;
 	} else {
-		/* No KDF, just copy out the key and zero the rest. */
-		if (outlen > buflen) {
-			memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen);
+		memset(out, 0, outlen);
+		if (outlen > buflen)
 			outlen = buflen;
-		}
 		memcpy(out, buf, outlen);
-		ret = outlen;
 	}
 
+	ret = outlen;
  err:
-	EC_POINT_free(tmp);
+	EC_POINT_free(point);
 	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
 	free(buf);
-	return (ret);
+
+	return ret;
 }
 
 int
@@ -192,14 +258,15 @@ ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
     EC_KEY *eckey,
     void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
 {
-	if (eckey->meth->compute_key != NULL)
-		return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
-	ECerror(EC_R_NOT_IMPLEMENTED);
-	return 0;
+	if (eckey->meth->compute_key == NULL) {
+		ECerror(EC_R_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF);
 }
 
 int
 ECDH_size(const EC_KEY *d)
 {
-	return ((EC_GROUP_get_degree(EC_KEY_get0_group(d)) + 7) / 8);
+	return (EC_GROUP_get_degree(EC_KEY_get0_group(d)) + 7) / 8;
 }

lib/libcrypto/ecdh/ecdh_kdf.c

@@ -1,121 +0,0 @@
-/*	$OpenBSD: ecdh_kdf.c,v 1.9 2023/06/25 19:43:28 tb Exp $ */
-/*
- * Written by Stephen Henson for the OpenSSL project.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *	notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *	notice, this list of conditions and the following disclaimer in
- *	the documentation and/or other materials provided with the
- *	distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *	software must display the following acknowledgment:
- *	"This product includes software developed by the OpenSSL Project
- *	for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *	endorse or promote products derived from this software without
- *	prior written permission. For written permission, please contact
- *	openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *	nor may "OpenSSL" appear in their names without prior written
- *	permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *	acknowledgment:
- *	"This product includes software developed by the OpenSSL Project
- *	for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#include <string.h>
-
-#include <openssl/ecdh.h>
-#include <openssl/ec.h>
-#include <openssl/evp.h>
-
-#include "ec_local.h"
-
-/*
- * Key derivation function from X9.63/SECG.
- */
-
-/* Way more than we will ever need */
-#define ECDH_KDF_MAX	(1 << 30)
-
-int
-ecdh_KDF_X9_63(unsigned char *out, size_t outlen, const unsigned char *Z,
-    size_t Zlen, const unsigned char *sinfo, size_t sinfolen, const EVP_MD *md)
-{
-	EVP_MD_CTX *mctx = NULL;
-	unsigned int i;
-	size_t mdlen;
-	unsigned char ctr[4];
-	int rv = 0;
-
-	if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX ||
-	    Zlen > ECDH_KDF_MAX)
-		return 0;
-	mctx = EVP_MD_CTX_new();
-	if (mctx == NULL)
-		return 0;
-	mdlen = EVP_MD_size(md);
-	for (i = 1;; i++) {
-		unsigned char mtmp[EVP_MAX_MD_SIZE];
-		if (!EVP_DigestInit_ex(mctx, md, NULL))
-			goto err;
-		ctr[3] = i & 0xFF;
-		ctr[2] = (i >> 8) & 0xFF;
-		ctr[1] = (i >> 16) & 0xFF;
-		ctr[0] = (i >> 24) & 0xFF;
-		if (!EVP_DigestUpdate(mctx, Z, Zlen))
-			goto err;
-		if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
-			goto err;
-		if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
-			goto err;
-		if (outlen >= mdlen) {
-			if (!EVP_DigestFinal(mctx, out, NULL))
-				goto err;
-			outlen -= mdlen;
-			if (outlen == 0)
-				break;
-			out += mdlen;
-		} else {
-			if (!EVP_DigestFinal(mctx, mtmp, NULL))
-				goto err;
-			memcpy(out, mtmp, outlen);
-			explicit_bzero(mtmp, mdlen);
-			break;
-		}
-	}
-	rv = 1;
-
- err:
-	EVP_MD_CTX_free(mctx);
-
-	return rv;
-}

lib/libcrypto/ecdh/ech_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_lib.c,v 1.22 2023/06/25 19:17:43 tb Exp $ */
+/* $OpenBSD: ech_lib.c,v 1.23 2023/07/05 08:39:40 tb Exp $ */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
@@ -90,7 +90,7 @@ static const ECDH_METHOD *default_ECDH_method = NULL;
 
 static const ECDH_METHOD openssl_ecdh_meth = {
 	.name = "OpenSSL ECDH method",
-	.compute_key = ossl_ecdh_compute_key,
+	.compute_key = ecdh_compute_key,
 };
 
 const ECDH_METHOD *

lib/libcrypto/ecdsa/ecdsa.c

@@ -0,0 +1,818 @@
+/* $OpenBSD: ecdsa.c,v 1.10 2023/07/05 17:10:10 tb Exp $ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#include <openssl/ecdsa.h>
+#include <openssl/ec.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#include "bn_local.h"
+#include "ec_local.h"
+#include "ecdsa_local.h"
+
+static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = {
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(ECDSA_SIG, r),
+		.field_name = "r",
+		.item = &BIGNUM_it,
+	},
+	{
+		.flags = 0,
+		.tag = 0,
+		.offset = offsetof(ECDSA_SIG, s),
+		.field_name = "s",
+		.item = &BIGNUM_it,
+	},
+};
+
+const ASN1_ITEM ECDSA_SIG_it = {
+	.itype = ASN1_ITYPE_SEQUENCE,
+	.utype = V_ASN1_SEQUENCE,
+	.templates = ECDSA_SIG_seq_tt,
+	.tcount = sizeof(ECDSA_SIG_seq_tt) / sizeof(ASN1_TEMPLATE),
+	.funcs = NULL,
+	.size = sizeof(ECDSA_SIG),
+	.sname = "ECDSA_SIG",
+};
+
+ECDSA_SIG *
+d2i_ECDSA_SIG(ECDSA_SIG **a, const unsigned char **in, long len)
+{
+	return (ECDSA_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
+	    &ECDSA_SIG_it);
+}
+
+int
+i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **out)
+{
+	return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECDSA_SIG_it);
+}
+
+ECDSA_SIG *
+ECDSA_SIG_new(void)
+{
+	return (ECDSA_SIG *)ASN1_item_new(&ECDSA_SIG_it);
+}
+
+void
+ECDSA_SIG_free(ECDSA_SIG *a)
+{
+	ASN1_item_free((ASN1_VALUE *)a, &ECDSA_SIG_it);
+}
+
+void
+ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+	if (pr != NULL)
+		*pr = sig->r;
+	if (ps != NULL)
+		*ps = sig->s;
+}
+
+const BIGNUM *
+ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
+{
+	return sig->r;
+}
+
+const BIGNUM *
+ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
+{
+	return sig->s;
+}
+
+int
+ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+	if (r == NULL || s == NULL)
+		return 0;
+
+	BN_free(sig->r);
+	BN_free(sig->s);
+	sig->r = r;
+	sig->s = s;
+	return 1;
+}
+
+int
+ECDSA_size(const EC_KEY *r)
+{
+	const EC_GROUP *group;
+	const BIGNUM *order = NULL;
+	ECDSA_SIG sig;
+	int ret = 0;
+
+	if (r == NULL)
+		goto err;
+
+	if ((group = EC_KEY_get0_group(r)) == NULL)
+		goto err;
+
+	if ((order = EC_GROUP_get0_order(group)) == NULL)
+		goto err;
+
+	sig.r = (BIGNUM *)order;
+	sig.s = (BIGNUM *)order;
+
+	if ((ret = i2d_ECDSA_SIG(&sig, NULL)) < 0)
+		ret = 0;
+
+ err:
+	return ret;
+}
+
+/*
+ * FIPS 186-5, section 6.4.1, step 2: convert hashed message into an integer.
+ * Use the order_bits leftmost bits if it exceeds the group order.
+ */
+static int
+ecdsa_prepare_digest(const unsigned char *digest, int digest_len,
+    const EC_KEY *key, BIGNUM *e)
+{
+	const EC_GROUP *group;
+	int digest_bits, order_bits;
+
+	if (BN_bin2bn(digest, digest_len, e) == NULL) {
+		ECerror(ERR_R_BN_LIB);
+		return 0;
+	}
+
+	if ((group = EC_KEY_get0_group(key)) == NULL)
+		return 0;
+	order_bits = EC_GROUP_order_bits(group);
+
+	digest_bits = 8 * digest_len;
+	if (digest_bits <= order_bits)
+		return 1;
+
+	return BN_rshift(e, e, digest_bits - order_bits);
+}
+
+int
+ecdsa_sign(int type, const unsigned char *digest, int digest_len,
+    unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
+    const BIGNUM *r, EC_KEY *key)
+{
+	ECDSA_SIG *sig;
+	int out_len = 0;
+	int ret = 0;
+
+	if ((sig = ECDSA_do_sign_ex(digest, digest_len, kinv, r, key)) == NULL)
+		goto err;
+
+	if ((out_len = i2d_ECDSA_SIG(sig, &signature)) < 0) {
+		out_len = 0;
+		goto err;
+	}
+
+	ret = 1;
+
+ err:
+	*signature_len = out_len;
+	ECDSA_SIG_free(sig);
+
+	return ret;
+}
+
+/*
+ * FIPS 186-5, section 6.4.1, steps 3-8 and 11: Generate k, calculate r and
+ * kinv. If r == 0, try again with a new random k.
+ */
+
+int
+ecdsa_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv, BIGNUM **out_r)
+{
+	const EC_GROUP *group;
+	EC_POINT *point = NULL;
+	BN_CTX *ctx = NULL;
+	BIGNUM *k = NULL, *r = NULL;
+	const BIGNUM *order;
+	BIGNUM *x;
+	int order_bits;
+	int ret = 0;
+
+	BN_free(*out_kinv);
+	*out_kinv = NULL;
+
+	BN_free(*out_r);
+	*out_r = NULL;
+
+	if (key == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+	}
+	if ((group = EC_KEY_get0_group(key)) == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+	}
+
+	if ((k = BN_new()) == NULL)
+		goto err;
+	if ((r = BN_new()) == NULL)
+		goto err;
+
+	if ((ctx = in_ctx) == NULL)
+		ctx = BN_CTX_new();
+	if (ctx == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	BN_CTX_start(ctx);
+
+	if ((x = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if ((point = EC_POINT_new(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if ((order = EC_GROUP_get0_order(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+
+	if (BN_cmp(order, BN_value_one()) <= 0) {
+		ECerror(EC_R_INVALID_GROUP_ORDER);
+		goto err;
+	}
+
+	/* Reject curves with an order that is smaller than 80 bits. */
+	if ((order_bits = BN_num_bits(order)) < 80) {
+		ECerror(EC_R_INVALID_GROUP_ORDER);
+		goto err;
+	}
+
+	/* Preallocate space. */
+	if (!BN_set_bit(k, order_bits) ||
+	    !BN_set_bit(r, order_bits) ||
+	    !BN_set_bit(x, order_bits))
+		goto err;
+
+	/* Step 11: repeat until r != 0. */
+	do {
+		/* Step 3: generate random k. */
+		if (!bn_rand_interval(k, BN_value_one(), order))
+			goto err;
+
+		/*
+		 * We do not want timing information to leak the length of k,
+		 * so we compute G * k using an equivalent scalar of fixed
+		 * bit-length.
+		 *
+		 * We unconditionally perform both of these additions to prevent
+		 * a small timing information leakage.  We then choose the sum
+		 * that is one bit longer than the order.  This guarantees the
+		 * code path used in the constant time implementations
+		 * elsewhere.
+		 *
+		 * TODO: revisit the bn_copy aiming for a memory access agnostic
+		 * conditional copy.
+		 */
+		if (!BN_add(r, k, order) ||
+		    !BN_add(x, r, order) ||
+		    !bn_copy(k, BN_num_bits(r) > order_bits ? r : x))
+			goto err;
+
+		BN_set_flags(k, BN_FLG_CONSTTIME);
+
+		/* Step 5: P = k * G. */
+		if (!EC_POINT_mul(group, point, k, NULL, NULL, ctx)) {
+			ECerror(ERR_R_EC_LIB);
+			goto err;
+		}
+		/* Steps 6 (and 7): from P = (x, y) retain the x-coordinate. */
+		if (!EC_POINT_get_affine_coordinates(group, point, x, NULL,
+		    ctx)) {
+			ECerror(ERR_R_EC_LIB);
+			goto err;
+		}
+		/* Step 8: r = x (mod order). */
+		if (!BN_nnmod(r, x, order, ctx)) {
+			ECerror(ERR_R_BN_LIB);
+			goto err;
+		}
+	} while (BN_is_zero(r));
+
+	/* Step 4: calculate kinv. */
+	if (BN_mod_inverse_ct(k, k, order, ctx) == NULL) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	*out_kinv = k;
+	k = NULL;
+
+	*out_r = r;
+	r = NULL;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (ctx != in_ctx)
+		BN_CTX_free(ctx);
+	BN_free(k);
+	BN_free(r);
+	EC_POINT_free(point);
+
+	return ret;
+}
+
+/*
+ * FIPS 186-5, section 6.4.1, step 9: compute s = inv(k)(e + xr) mod order.
+ * In order to reduce the possibility of a side-channel attack, the following
+ * is calculated using a random blinding value b in [1, order):
+ * s = inv(b)(be + bxr)inv(k) mod order.
+ */
+
+static int
+ecdsa_compute_s(BIGNUM **out_s, const BIGNUM *e, const BIGNUM *kinv,
+    const BIGNUM *r, const EC_KEY *key, BN_CTX *ctx)
+{
+	const EC_GROUP *group;
+	const BIGNUM *order, *priv_key;
+	BIGNUM *b, *binv, *be, *bxr;
+	BIGNUM *s = NULL;
+	int ret = 0;
+
+	*out_s = NULL;
+
+	BN_CTX_start(ctx);
+
+	if ((group = EC_KEY_get0_group(key)) == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+	}
+	if ((order = EC_GROUP_get0_order(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if ((priv_key = EC_KEY_get0_private_key(key)) == NULL) {
+		ECerror(ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+	}
+
+	if ((b = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((binv = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((be = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((bxr = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if ((s = BN_new()) == NULL)
+		goto err;
+
+	/*
+	 * In a valid ECDSA signature, r must be in [1, order). Since r can be
+	 * caller provided - either directly or by replacing sign_setup() - we
+	 * can't rely on this being the case.
+	 */
+	if (BN_cmp(r, BN_value_one()) < 0 || BN_cmp(r, order) >= 0) {
+		ECerror(EC_R_BAD_SIGNATURE);
+		goto err;
+	}
+
+	if (!bn_rand_interval(b, BN_value_one(), order)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	if (BN_mod_inverse_ct(binv, b, order, ctx) == NULL) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	if (!BN_mod_mul(bxr, b, priv_key, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	if (!BN_mod_mul(bxr, bxr, r, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	if (!BN_mod_mul(be, b, e, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	if (!BN_mod_add(s, be, bxr, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	/* s = b(e + xr)k^-1 */
+	if (!BN_mod_mul(s, s, kinv, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	/* s = (e + xr)k^-1 */
+	if (!BN_mod_mul(s, s, binv, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	/* Step 11: if s == 0 start over. */
+	if (!BN_is_zero(s)) {
+		*out_s = s;
+		s = NULL;
+	}
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	BN_free(s);
+
+	return ret;
+}
+
+/*
+ * It is too expensive to check curve parameters on every sign operation.
+ * Instead, cap the number of retries. A single retry is very unlikely, so
+ * allowing 32 retries is amply enough.
+ */
+#define ECDSA_MAX_SIGN_ITERATIONS		32
+
+/*
+ * FIPS 186-5: Section 6.4.1: ECDSA signature generation, steps 2-12.
+ * The caller provides the hash of the message, thus performs step 1.
+ * Step 10, zeroing k and kinv, is done by BN_free().
+ */
+
+ECDSA_SIG *
+ecdsa_sign_sig(const unsigned char *digest, int digest_len,
+    const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *key)
+{
+	BN_CTX *ctx = NULL;
+	BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+	BIGNUM *e;
+	int caller_supplied_values = 0;
+	int attempts = 0;
+	ECDSA_SIG *sig = NULL;
+
+	if ((ctx = BN_CTX_new()) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	BN_CTX_start(ctx);
+
+	if ((e = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	/* Step 2: convert hash into an integer. */
+	if (!ecdsa_prepare_digest(digest, digest_len, key, e))
+		goto err;
+
+	if (in_kinv != NULL && in_r != NULL) {
+		/*
+		 * Use the caller's kinv and r. Don't call ECDSA_sign_setup().
+		 * If we're unable to compute a valid signature, the caller
+		 * must provide new values.
+		 */
+		caller_supplied_values = 1;
+
+		if ((kinv = BN_dup(in_kinv)) == NULL) {
+			ECerror(ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		if ((r = BN_dup(in_r)) == NULL) {
+			ECerror(ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	}
+
+	do {
+		/* Steps 3-8: calculate kinv and r. */
+		if (!caller_supplied_values) {
+			if (!ECDSA_sign_setup(key, ctx, &kinv, &r)) {
+				ECerror(ERR_R_EC_LIB);
+				goto err;
+			}
+		}
+
+		/*
+		 * Steps 9 and 11: if s is non-NULL, we have a valid signature.
+		 */
+		if (!ecdsa_compute_s(&s, e, kinv, r, key, ctx))
+			goto err;
+		if (s != NULL)
+			break;
+
+		if (caller_supplied_values) {
+			ECerror(EC_R_NEED_NEW_SETUP_VALUES);
+			goto err;
+		}
+
+		if (++attempts > ECDSA_MAX_SIGN_ITERATIONS) {
+			ECerror(EC_R_WRONG_CURVE_PARAMETERS);
+			goto err;
+		}
+	} while (1);
+
+	/* Step 12: output (r, s). */
+	if ((sig = ECDSA_SIG_new()) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (!ECDSA_SIG_set0(sig, r, s)) {
+		ECDSA_SIG_free(sig);
+		goto err;
+	}
+	r = NULL;
+	s = NULL;
+
+ err:
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+	BN_free(kinv);
+	BN_free(r);
+	BN_free(s);
+
+	return sig;
+}
+
+int
+ecdsa_verify(int type, const unsigned char *digest, int digest_len,
+    const unsigned char *sigbuf, int sig_len, EC_KEY *key)
+{
+	ECDSA_SIG *s;
+	unsigned char *der = NULL;
+	const unsigned char *p;
+	int der_len = 0;
+	int ret = -1;
+
+	if ((s = ECDSA_SIG_new()) == NULL)
+		goto err;
+
+	p = sigbuf;
+	if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+		goto err;
+
+	/* Ensure signature uses DER and doesn't have trailing garbage. */
+	if ((der_len = i2d_ECDSA_SIG(s, &der)) != sig_len)
+		goto err;
+	if (timingsafe_memcmp(sigbuf, der, der_len))
+		goto err;
+
+	ret = ECDSA_do_verify(digest, digest_len, s, key);
+
+ err:
+	freezero(der, der_len);
+	ECDSA_SIG_free(s);
+
+	return ret;
+}
+
+/*
+ * FIPS 186-5, section 6.4.2: ECDSA signature verification.
+ * The caller provides us with the hash of the message, so has performed step 2.
+ */
+
+int
+ecdsa_verify_sig(const unsigned char *digest, int digest_len,
+    const ECDSA_SIG *sig, EC_KEY *key)
+{
+	const EC_GROUP *group;
+	const EC_POINT *pub_key;
+	EC_POINT *point = NULL;
+	const BIGNUM *order;
+	BN_CTX *ctx = NULL;
+	BIGNUM *e, *sinv, *u, *v, *x;
+	int ret = -1;
+
+	if (key == NULL || sig == NULL) {
+		ECerror(EC_R_MISSING_PARAMETERS);
+		goto err;
+	}
+	if ((group = EC_KEY_get0_group(key)) == NULL) {
+		ECerror(EC_R_MISSING_PARAMETERS);
+		goto err;
+	}
+	if ((pub_key = EC_KEY_get0_public_key(key)) == NULL) {
+		ECerror(EC_R_MISSING_PARAMETERS);
+		goto err;
+	}
+
+	if ((ctx = BN_CTX_new()) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	BN_CTX_start(ctx);
+
+	if ((e = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((sinv = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((u = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((v = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((x = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if ((order = EC_GROUP_get0_order(group)) == NULL) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+
+	/* Step 1: verify that r and s are in the range [1, order). */
+	if (BN_cmp(sig->r, BN_value_one()) < 0 || BN_cmp(sig->r, order) >= 0) {
+		ECerror(EC_R_BAD_SIGNATURE);
+		ret = 0;
+		goto err;
+	}
+	if (BN_cmp(sig->s, BN_value_one()) < 0 || BN_cmp(sig->s, order) >= 0) {
+		ECerror(EC_R_BAD_SIGNATURE);
+		ret = 0;
+		goto err;
+	}
+
+	/* Step 3: convert the hash into an integer. */
+	if (!ecdsa_prepare_digest(digest, digest_len, key, e))
+		goto err;
+
+	/* Step 4: compute the inverse of s modulo order. */
+	if (BN_mod_inverse_ct(sinv, sig->s, order, ctx) == NULL) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	/* Step 5: compute u = s^-1 * e and v = s^-1 * r (modulo order). */
+	if (!BN_mod_mul(u, e, sinv, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	if (!BN_mod_mul(v, sig->r, sinv, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	/*
+	 * Steps 6 and 7: compute R = G * u + pub_key * v = (x, y). Reject if
+	 * it's the point at infinity - getting affine coordinates fails. Keep
+	 * the x coordinate.
+	 */
+	if ((point = EC_POINT_new(group)) == NULL) {
+		ECerror(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (!EC_POINT_mul(group, point, u, pub_key, v, ctx)) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	if (!EC_POINT_get_affine_coordinates(group, point, x, NULL, ctx)) {
+		ECerror(ERR_R_EC_LIB);
+		goto err;
+	}
+	/* Step 8: convert x to a number in [0, order). */
+	if (!BN_nnmod(x, x, order, ctx)) {
+		ECerror(ERR_R_BN_LIB);
+		goto err;
+	}
+
+	/* Step 9: the signature is valid iff the x-coordinate is equal to r. */
+	ret = (BN_cmp(x, sig->r) == 0);
+
+ err:
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
+	EC_POINT_free(point);
+
+	return ret;
+}
+
+ECDSA_SIG *
+ECDSA_do_sign(const unsigned char *digest, int digest_len, EC_KEY *key)
+{
+	return ECDSA_do_sign_ex(digest, digest_len, NULL, NULL, key);
+}
+
+ECDSA_SIG *
+ECDSA_do_sign_ex(const unsigned char *digest, int digest_len,
+    const BIGNUM *kinv, const BIGNUM *out_r, EC_KEY *key)
+{
+	if (key->meth->sign_sig == NULL) {
+		ECerror(EC_R_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return key->meth->sign_sig(digest, digest_len, kinv, out_r, key);
+}
+
+int
+ECDSA_sign(int type, const unsigned char *digest, int digest_len,
+    unsigned char *signature, unsigned int *signature_len, EC_KEY *key)
+{
+	return ECDSA_sign_ex(type, digest, digest_len, signature, signature_len,
+	    NULL, NULL, key);
+}
+
+int
+ECDSA_sign_ex(int type, const unsigned char *digest, int digest_len,
+    unsigned char *signature, unsigned int *signature_len, const BIGNUM *kinv,
+    const BIGNUM *r, EC_KEY *key)
+{
+	if (key->meth->sign == NULL) {
+		ECerror(EC_R_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return key->meth->sign(type, digest, digest_len, signature,
+	    signature_len, kinv, r, key);
+}
+
+int
+ECDSA_sign_setup(EC_KEY *key, BN_CTX *in_ctx, BIGNUM **out_kinv,
+    BIGNUM **out_r)
+{
+	if (key->meth->sign_setup == NULL) {
+		ECerror(EC_R_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return key->meth->sign_setup(key, in_ctx, out_kinv, out_r);
+}
+
+int
+ECDSA_do_verify(const unsigned char *digest, int digest_len,
+    const ECDSA_SIG *sig, EC_KEY *key)
+{
+	if (key->meth->verify_sig == NULL) {
+		ECerror(EC_R_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return key->meth->verify_sig(digest, digest_len, sig, key);
+}
+
+int
+ECDSA_verify(int type, const unsigned char *digest, int digest_len,
+    const unsigned char *sigbuf, int sig_len, EC_KEY *key)
+{
+	if (key->meth->verify == NULL) {
+		ECerror(EC_R_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return key->meth->verify(type, digest, digest_len, sigbuf, sig_len, key);
+}