Merge OpenSSL 1.1.1e.

901 files changed, 6878 insertions, 2971 deletions

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index c6ca3439480e9..0250e4ef026bf 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,73 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
+  *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
+     while reading in libssl then we would report an error back to the
+     application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
+     an error to the stack (which means we instead return SSL_ERROR_SSL) and
+     therefore give a hint as to what went wrong.
+     [Matt Caswell]
+
+  *) Check that ed25519 and ed448 are allowed by the security level. Previously
+     signature algorithms not using an MD were not being checked that they were
+     allowed by the security level.
+     [Kurt Roeckx]
+
+  *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
+     was not quite right. The behaviour was not consistent between resumption
+     and normal handshakes, and also not quite consistent with historical
+     behaviour. The behaviour in various scenarios has been clarified and
+     it has been updated to make it match historical behaviour as closely as
+     possible.
+     [Matt Caswell]
+
+  *) [VMS only] The header files that the VMS compilers include automatically,
+     __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that
+     the C++ compiler doesn't understand.  This is a shortcoming in the
+     compiler, but can be worked around with __cplusplus guards.
+
+     C++ applications that use OpenSSL libraries must be compiled using the
+     qualifier '/NAMES=(AS_IS,SHORTENED)' to be able to use all the OpenSSL
+     functions.  Otherwise, only functions with symbols of less than 31
+     characters can be used, as the linker will not be able to successfully
+     resolve symbols with longer names.
+     [Richard Levitte]
+
+  *) Corrected the documentation of the return values from the EVP_DigestSign*
+     set of functions.  The documentation mentioned negative values for some
+     errors, but this was never the case, so the mention of negative values
+     was removed.
+
+     Code that followed the documentation and thereby check with something
+     like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed.
+     [Richard Levitte]
+
+  *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
+     used in exponentiation with 512-bit moduli. No EC algorithms are
+     affected. Analysis suggests that attacks against 2-prime RSA1024,
+     3-prime RSA1536, and DSA1024 as a result of this defect would be very
+     difficult to perform and are not believed likely. Attacks against DH512
+     are considered just feasible. However, for an attack the target would
+     have to re-use the DH512 private key, which is not recommended anyway.
+     Also applications directly using the low level API BN_mod_exp may be
+     affected if they use BN_FLG_CONSTTIME.
+     (CVE-2019-1551)
+     [Andy Polyakov]
+
+  *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
+     The presence of this system service is determined at run-time.
+     [Richard Levitte]
+
+  *) Added newline escaping functionality to a filename when using openssl dgst.
+     This output format is to replicate the output format found in the '*sum'
+     checksum programs. This aims to preserve backward compatibility.
+     [Matt Eaton, Richard Levitte, and Paul Dale]
+
+  *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
+     the first value.
+     [Jon Spillett]
+
  Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
 
   *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
@@ -633,9 +700,9 @@
      bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
      alerts across multiple records (some of which could be empty). In practice
      it make no sense to send an empty alert record, or to fragment one. TLSv1.3
-     prohibts this altogether and other libraries (BoringSSL, NSS) do not
+     prohibits this altogether and other libraries (BoringSSL, NSS) do not
      support this at all. Supporting it adds significant complexity to the
-     record layer, and its removal is unlikely to cause inter-operability
+     record layer, and its removal is unlikely to cause interoperability
      issues.
      [Matt Caswell]
 
@@ -3652,7 +3719,7 @@
      implementations).
      [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
 
-  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+  *) Use type ossl_ssize_t instead of ssize_t which isn't available on
      all platforms. Move ssize_t definition from e_os.h to the public
      header file e_os2.h as it now appears in public header file cms.h
      [Steve Henson]
@@ -8373,7 +8440,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
   *) New OCSP utility. Allows OCSP requests to be generated or
      read. The request can be sent to a responder and the output
-     parsed, outputed or printed in text form. Not complete yet:
+     parsed, outputted or printed in text form. Not complete yet:
      still needs to check the OCSP response validity.
      [Steve Henson]
 
@@ -9368,7 +9435,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      [Andy Polyakov]
 
   *) Modified SSL library such that the verify_callback that has been set
-     specificly for an SSL object with SSL_set_verify() is actually being
+     specifically for an SSL object with SSL_set_verify() is actually being
      used. Before the change, a verify_callback set with this function was
      ignored and the verify_callback() set in the SSL_CTX at the time of
      the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
@@ -10485,10 +10552,10 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      as other interfaces in OpenSSL, like the BIO interface.
      NCONF_dump_* dump the internal storage of the configuration file,
      which is useful for debugging.  All other functions take the same
-     arguments as the old CONF_* functions wth the exception of the
+     arguments as the old CONF_* functions with the exception of the
      first that must be a `CONF *' instead of a `LHASH *'.
 
-     To make it easer to use the new classes with the old CONF_* functions,
+     To make it easier to use the new classes with the old CONF_* functions,
      the function CONF_set_default_method is provided.
      [Richard Levitte]
 
@@ -12331,7 +12398,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      than the old method: it now uses a modified version of Ulf's parser to
      read the ANSI prototypes in all header files (thus the old K&R definitions
      aren't needed for error creation any more) and do a better job of
-     translating function codes into names. The old 'ASN1 error code imbedded
+     translating function codes into names. The old 'ASN1 error code embedded
      in a comment' is no longer necessary and it doesn't use .err files which
      have now been deleted. Also the error code call doesn't have to appear all
      on one line (which resulted in some large lines...).
@@ -12632,7 +12699,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
   *) Add a useful kludge to allow package maintainers to specify compiler and
      other platforms details on the command line without having to patch the
-     Configure script everytime: One now can use ``perl Configure
+     Configure script every time: One now can use ``perl Configure
      <id>:<details>'', i.e. platform ids are allowed to have details appended
      to them (separated by colons). This is treated as there would be a static
      pre-configured entry in Configure's %table under key <id> with value
diff --git a/crypto/openssl/CONTRIBUTING b/crypto/openssl/CONTRIBUTING
index 5d717763d51e8..57be75ce2b8a2 100644
--- a/crypto/openssl/CONTRIBUTING
+++ b/crypto/openssl/CONTRIBUTING
@@ -58,7 +58,7 @@ guidelines:
     consider adding a note in CHANGES.  This could be a summarising
     description of the change, and could explain the grander details.
     Have a look through existing entries for inspiration.
-    Please note that this is NOT simply a copy of git-log oneliners.
+    Please note that this is NOT simply a copy of git-log one-liners.
     Also note that security fixes get an entry in CHANGES.
     This file helps users get more in depth information of what comes
     with a specific release without having to sift through the higher
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 5a699836f32a0..2e9efaa5f3da8 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -69,7 +69,15 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 # no-sse2       disables IA-32 SSE2 code in assembly modules, the above
 #               mentioned '386' option implies this one
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
-# -<xxx> +<xxx> compiler options are passed through
+# -<xxx> +<xxx> All options which are unknown to the 'Configure' script are
+# /<xxx>        passed through to the compiler. Unix-style options beginning
+#               with a '-' or '+' are recognized, as well as Windows-style
+#               options beginning with a '/'. If the option contains arguments
+#               separated by spaces, then the URL-style notation %20 can be
+#               used for the space character in order to avoid having to quote
+#               the option. For example, -opt%20arg gets expanded to -opt arg.
+#               In fact, any ASCII character can be encoded as %xx using its
+#               hexadecimal encoding.
 # -static       while -static is also a pass-through compiler option (and
 #               as such is limited to environments where it's actually
 #               meaningful), it triggers a number configuration options,
@@ -152,6 +160,10 @@ my @clang_devteam_warn = qw(
     -Wmissing-variable-declarations
 );
 
+my @cl_devteam_warn = qw(
+    /WX
+);
+
 # This adds backtrace information to the memory leak info.  Is only used
 # when crypto-mdebug-backtrace is enabled.
 my $memleak_devteam_backtrace = "-rdynamic";
@@ -346,6 +358,7 @@ my @disablables = (
     "dgram",
     "dh",
     "dsa",
+    "dso",
     "dtls",
     "dynamic-engine",
     "ec",
@@ -423,7 +436,6 @@ my %deprecated_disablables = (
     "buf-freelists" => undef,
     "ripemd" => "rmd160",
     "ui" => "ui-console",
-    "dso" => "",                # Empty string means we're silent about it
     );
 
 # All of the following are disabled by default:
@@ -480,6 +492,7 @@ my @disable_cascades = (
     # Without position independent code, there can be no shared libraries or DSOs
     "pic"               => [ "shared" ],
     "shared"            => [ "dynamic-engine" ],
+    "dso"               => [ "dynamic-engine" ],
     "engine"            => [ "afalgeng", "devcryptoeng" ],
 
     # no-autoalginit is only useful when building non-shared
@@ -520,7 +533,7 @@ while ((my $first, my $second) = (shift @list, shift @list)) {
 
 &usage if ($#ARGV < 0);
 
-# For the "make variables" CINCLUDES and CDEFINES, we support lists with
+# For the "make variables" CPPINCLUDES and CPPDEFINES, we support lists with
 # platform specific list separators.  Users from those platforms should
 # recognise those separators from how you set up the PATH to find executables.
 # The default is the Unix like separator, :, but as an exception, we also
@@ -776,7 +789,7 @@ while (@argvcopy)
                 {
                 die "FIPS mode not supported\n";
                 }
-        elsif (/^[-+]/)
+        elsif (m|^[-+/]|)
                 {
                 if (/^--prefix=(.*)$/)
                         {
@@ -853,11 +866,11 @@ while (@argvcopy)
                         {
                         push @{$useradd{LDFLAGS}}, $_;
                         }
-                elsif (/^-D(.*)$/)
+                elsif (m|^[-/]D(.*)$|)
                         {
                         push @{$useradd{CPPDEFINES}}, $1;
                         }
-                elsif (/^-I(.*)$/)
+                elsif (m|^[-/]I(.*)$|)
                         {
                         push @{$useradd{CPPINCLUDES}}, $1;
                         }
@@ -867,11 +880,23 @@ while (@argvcopy)
                         }
                 else    # common if (/^[-+]/), just pass down...
                         {
+                        # Treat %xx as an ASCII code (e.g. replace %20 by a space character).
+                        # This provides a simple way to pass options with arguments separated
+                        # by spaces without quoting (e.g. -opt%20arg translates to -opt arg).
                         $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
                         push @{$useradd{CFLAGS}}, $_;
                         push @{$useradd{CXXFLAGS}}, $_;
                         }
                 }
+        elsif (m|^/|)
+                {
+                # Treat %xx as an ASCII code (e.g. replace %20 by a space character).
+                # This provides a simple way to pass options with arguments separated
+                # by spaces without quoting (e.g. /opt%20arg translates to /opt arg).
+                $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+                push @{$useradd{CFLAGS}}, $_;
+                push @{$useradd{CXXFLAGS}}, $_;
+                }
         else
                 {
                 die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
@@ -949,7 +974,11 @@ foreach (keys %user) {
 
     if (defined $value) {
         if (ref $user{$_} eq 'ARRAY') {
-            $user{$_} = [ split /$list_separator_re/, $value ];
+            if ($_ eq 'CPPDEFINES' || $_ eq 'CPPINCLUDES') {
+                $user{$_} = [ split /$list_separator_re/, $value ];
+            } else {
+                $user{$_} = [ $value ];
+            }
         } elsif (!defined $user{$_}) {
             $user{$_} = $value;
         }
@@ -1162,43 +1191,6 @@ foreach (keys %useradd) {
 # Allow overriding the build file name
 $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
 
-my %disabled_info = ();         # For configdata.pm
-foreach my $what (sort keys %disabled) {
-    $config{options} .= " no-$what";
-
-    if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic',
-                                'dynamic-engine', 'makedepend',
-                                'zlib-dynamic', 'zlib', 'sse2' )) {
-        (my $WHAT = uc $what) =~ s|-|_|g;
-
-        # Fix up C macro end names
-        $WHAT = "RMD160" if $what eq "ripemd";
-
-        # fix-up crypto/directory name(s)
-        $what = "ripemd" if $what eq "rmd160";
-        $what = "whrlpool" if $what eq "whirlpool";
-
-        my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT";
-
-        if ((grep { $what eq $_ } @{$config{sdirs}})
-                && $what ne 'async' && $what ne 'err') {
-            @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}};
-            $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ];
-
-            if ($what ne 'engine') {
-                push @{$config{openssl_algorithm_defines}}, $macro;
-            } else {
-                @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
-                push @{$disabled_info{engine}->{skipped}}, catdir('engines');
-                push @{$config{openssl_other_defines}}, $macro;
-            }
-        } else {
-            push @{$config{openssl_other_defines}}, $macro;
-        }
-
-    }
-}
-
 # Make sure build_scheme is consistent.
 $target{build_scheme} = [ $target{build_scheme} ]
     if ref($target{build_scheme}) ne "ARRAY";
@@ -1288,10 +1280,8 @@ if ($target{shared_target} eq "")
         }
 
 if ($disabled{"dynamic-engine"}) {
-        push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
         $config{dynamic_engines} = 0;
 } else {
-        push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE";
         $config{dynamic_engines} = 1;
 }
 
@@ -1375,6 +1365,7 @@ unless ($disabled{asm}) {
     }
     if ($target{aes_asm_src}) {
         push @{$config{lib_defines}}, "AES_ASM" if ($target{aes_asm_src} =~ m/\baes-/);;
+        push @{$config{lib_defines}}, "AESNI_ASM" if ($target{aes_asm_src} =~ m/\baesni-/);;
         # aes-ctr.fake is not a real file, only indication that assembler
         # module implements AES_ctr32_encrypt...
         push @{$config{lib_defines}}, "AES_CTR_ASM" if ($target{aes_asm_src} =~ s/\s*aes-ctr\.fake//);
@@ -1501,11 +1492,20 @@ if ($strict_warnings)
         my $wopt;
         my $gccver = $predefined_C{__GNUC__} // -1;
 
-        warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike"
-            unless $gccver >= 4;
-        push @strict_warnings_collection, @gcc_devteam_warn;
-        push @strict_warnings_collection, @clang_devteam_warn
-            if (defined($predefined_C{__clang__}));
+        if ($gccver >= 4)
+                {
+                push @strict_warnings_collection, @gcc_devteam_warn;
+                push @strict_warnings_collection, @clang_devteam_warn
+                    if (defined($predefined_C{__clang__}));
+                }
+        elsif ($config{target} =~ /^VC-/)
+                {
+                push @strict_warnings_collection, @cl_devteam_warn;
+                }
+        else
+                {
+                warn "WARNING --strict-warnings requires gcc[>=4] or gcc-alike, or MSVC"
+                }
         }
 
 if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
@@ -1552,7 +1552,20 @@ unless ($disabled{afalgeng}) {
     }
 }
 
-push @{$config{openssl_other_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
+unless ($disabled{devcryptoeng}) {
+    if ($target =~ m/^BSD/) {
+        my $maxver = 5*100 + 7;
+        my $sysstr = `uname -s`;
+        my $verstr = `uname -r`;
+        $sysstr =~ s|\R$||;
+        $verstr =~ s|\R$||;
+        my ($ma, $mi, @rest) = split m|\.|, $verstr;
+        my $ver = $ma*100 + $mi;
+        if ($sysstr eq 'OpenBSD' && $ver >= $maxver) {
+            disable('too-new-kernel', 'devcryptoeng');
+        }
+    }
+}
 
 # Get the extra flags used when building shared libraries and modules.  We
 # do this late because some of them depend on %disabled.
@@ -1597,6 +1610,49 @@ $target{module_ldflags} = $target{shared_ldflag} unless defined $target{module_l
 
 # ALL MODIFICATIONS TO %disabled, %config and %target MUST BE DONE FROM HERE ON
 
+my %disabled_info = ();         # For configdata.pm
+foreach my $what (sort keys %disabled) {
+    $config{options} .= " no-$what";
+
+    if (!grep { $what eq $_ } ( 'buildtest-c++', 'threads', 'shared', 'pic',
+                                'dynamic-engine', 'makedepend',
+                                'zlib-dynamic', 'zlib', 'sse2' )) {
+        (my $WHAT = uc $what) =~ s|-|_|g;
+
+        # Fix up C macro end names
+        $WHAT = "RMD160" if $what eq "ripemd";
+
+        # fix-up crypto/directory name(s)
+        $what = "ripemd" if $what eq "rmd160";
+        $what = "whrlpool" if $what eq "whirlpool";
+
+        my $macro = $disabled_info{$what}->{macro} = "OPENSSL_NO_$WHAT";
+
+        if ((grep { $what eq $_ } @{$config{sdirs}})
+                && $what ne 'async' && $what ne 'err' && $what ne 'dso') {
+            @{$config{sdirs}} = grep { $what ne $_} @{$config{sdirs}};
+            $disabled_info{$what}->{skipped} = [ catdir('crypto', $what) ];
+
+            if ($what ne 'engine') {
+                push @{$config{openssl_algorithm_defines}}, $macro;
+            } else {
+                @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}};
+                push @{$disabled_info{engine}->{skipped}}, catdir('engines');
+                push @{$config{openssl_other_defines}}, $macro;
+            }
+        } else {
+            push @{$config{openssl_other_defines}}, $macro;
+        }
+
+    }
+}
+
+if ($disabled{"dynamic-engine"}) {
+    push @{$config{openssl_other_defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
+} else {
+    push @{$config{openssl_other_defines}}, "OPENSSL_NO_STATIC_ENGINE";
+}
+
 # If we use the unified build, collect information from build.info files
 my %unified_info = ();
 
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index 2119cbae9e597..328ad2baf480b 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -351,6 +351,9 @@
                    Don't build support for datagram based BIOs. Selecting this
                    option will also force the disabling of DTLS.
 
+  no-dso
+                   Don't build support for loading Dynamic Shared Objects.
+
   enable-devcryptoeng
                    Build the /dev/crypto engine.  It is automatically selected
                    on BSD implementations, in which case it can be disabled with
@@ -605,10 +608,19 @@
                    Take note of the VAR=value documentation below and how
                    these flags interact with those variables.
 
-  -xxx, +xxx
+  -xxx, +xxx, /xxx
                    Additional options that are not otherwise recognised are
-                   passed through as they are to the compiler as well.  Again,
-                   consult your compiler documentation.
+                   passed through as they are to the compiler as well.
+                   Unix-style options beginning with a '-' or '+' and
+                   Windows-style options beginning with a '/' are recognized.
+                   Again, consult your compiler documentation.
+
+                   If the option contains arguments separated by spaces,
+                   then the URL-style notation %20 can be used for the space
+                   character in order to avoid having to quote the option.
+                   For example, -opt%20arg gets expanded to -opt arg.
+                   In fact, any ASCII character can be encoded as %xx using its
+                   hexadecimal encoding.
 
                    Take note of the VAR=value documentation below and how
                    these flags interact with those variables.
@@ -1071,7 +1083,7 @@
 
  HASHBANGPERL
                 The command string for the Perl executable to insert in the
-                #! line of perl scripts that will be publically installed.
+                #! line of perl scripts that will be publicly installed.
                 Default: /usr/bin/env perl
                 Note: the value of this variable is added to the same scripts
                 on all platforms, but it's only relevant on Unix-like platforms.
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 1c88dee35389b..eba6c3b6d93fc 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
+
+      o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+        used in exponentiation with 512-bit moduli (CVE-2019-1551)
+
   Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
 
       o Fixed a fork protection issue (CVE-2019-1549)
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 51bb4789be2a9..8e9ce75a335d7 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1d 10 Sep 2019
+ OpenSSL 1.1.1e 17 Mar 2020
 
  Copyright (c) 1998-2019 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 7177c5d982661..c06241abb9758 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -1962,26 +1962,46 @@ unsigned char *next_protos_parse(size_t *outlen, const char *in)
     size_t len;
     unsigned char *out;
     size_t i, start = 0;
+    size_t skipped = 0;
 
     len = strlen(in);
-    if (len >= 65535)
+    if (len == 0 || len >= 65535)
         return NULL;
 
-    out = app_malloc(strlen(in) + 1, "NPN buffer");
+    out = app_malloc(len + 1, "NPN buffer");
     for (i = 0; i <= len; ++i) {
         if (i == len || in[i] == ',') {
+            /*
+             * Zero-length ALPN elements are invalid on the wire, we could be
+             * strict and reject the entire string, but just ignoring extra
+             * commas seems harmless and more friendly.
+             *
+             * Every comma we skip in this way puts the input buffer another
+             * byte ahead of the output buffer, so all stores into the output
+             * buffer need to be decremented by the number commas skipped.
+             */
+            if (i == start) {
+                ++start;
+                ++skipped;
+                continue;
+            }
             if (i - start > 255) {
                 OPENSSL_free(out);
                 return NULL;
             }
-            out[start] = (unsigned char)(i - start);
+            out[start-skipped] = (unsigned char)(i - start);
             start = i + 1;
         } else {
-            out[i + 1] = in[i];
+            out[i + 1 - skipped] = in[i];
         }
     }
 
-    *outlen = len + 1;
+    if (len <= skipped) {
+        OPENSSL_free(out);
+        return NULL;
+    }
+
+    *outlen = len + 1 - skipped;
     return out;
 }
 
diff --git a/crypto/openssl/apps/apps.h b/crypto/openssl/apps/apps.h
index 4a3e1a88573ee..34c3fd8633c1e 100644
--- a/crypto/openssl/apps/apps.h
+++ b/crypto/openssl/apps/apps.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_APPS_H
-# define HEADER_APPS_H
+#ifndef OSSL_APPS_H
+# define OSSL_APPS_H
 
 # include "e_os.h" /* struct timeval for DTLS */
 # include "internal/nelem.h"
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index d6f5a0e2e7125..e595f7d8186f3 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -19,6 +19,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/hmac.h>
+#include <ctype.h>
 
 #undef BUFSIZE
 #define BUFSIZE 1024*8
@@ -27,9 +28,15 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
           EVP_PKEY *key, unsigned char *sigin, int siglen,
           const char *sig_name, const char *md_name,
           const char *file);
+static void show_digests(const OBJ_NAME *name, void *bio_);
+
+struct doall_dgst_digests {
+    BIO *bio;
+    int n;
+};
 
 typedef enum OPTION_choice {
-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
     OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
     OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
     OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
@@ -43,6 +50,7 @@ const OPTIONS dgst_options[] = {
     {OPT_HELP_STR, 1, '-',
         "  file... files to digest (default is stdin)\n"},
     {"help", OPT_HELP, '-', "Display this summary"},
+    {"list", OPT_LIST, '-', "List digests"},
     {"c", OPT_C, '-', "Print the digest with separating colons"},
     {"r", OPT_R, '-', "Print the digest in coreutils format"},
     {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
@@ -91,6 +99,7 @@ int dgst_main(int argc, char **argv)
     int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
     unsigned char *buf = NULL, *sigbuf = NULL;
     int engine_impl = 0;
+    struct doall_dgst_digests dec;
 
     prog = opt_progname(argv[0]);
     buf = app_malloc(BUFSIZE, "I/O buffer");
@@ -108,6 +117,15 @@ int dgst_main(int argc, char **argv)
             opt_help(dgst_options);
             ret = 0;
             goto end;
+        case OPT_LIST:
+            BIO_printf(bio_out, "Supported digests:\n");
+            dec.bio = bio_out;
+            dec.n = 0;
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
+                                   show_digests, &dec);
+            BIO_printf(bio_out, "\n");
+            ret = 0;
+            goto end;
         case OPT_C:
             separator = 1;
             break;
@@ -413,20 +431,86 @@ int dgst_main(int argc, char **argv)
     return ret;
 }
 
+static void show_digests(const OBJ_NAME *name, void *arg)
+{
+    struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
+    const EVP_MD *md = NULL;
+
+    /* Filter out signed digests (a.k.a signature algorithms) */
+    if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
+        return;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    /* Filter out message digests that we cannot use */
+    md = EVP_get_digestbyname(name->name);
+    if (md == NULL)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
+    } else {
+        BIO_printf(dec->bio, " ");
+    }
+}
+
+/*
+ * The newline_escape_filename function performs newline escaping for any
+ * filename that contains a newline.  This function also takes a pointer
+ * to backslash. The backslash pointer is a flag to indicating whether a newline
+ * is present in the filename.  If a newline is present, the backslash flag is
+ * set and the output format will contain a backslash at the beginning of the
+ * digest output. This output format is to replicate the output format found
+ * in the '*sum' checksum programs. This aims to preserve backward
+ * compatibility.
+ */
+static const char *newline_escape_filename(const char *file, int * backslash)
+{
+    size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
+    char *file_cpy = NULL;
+
+    for (i = 0; i < length; i++)
+        if (file[i] == '\n')
+            newline_count++;
+
+    mem_len = length + newline_count + 1;
+    file_cpy = app_malloc(mem_len, file);
+    i = 0;
+
+    while(e < length) {
+        const char c = file[e];
+        if (c == '\n') {
+            file_cpy[i++] = '\\';
+            file_cpy[i++] = 'n';
+            *backslash = 1;
+        } else {
+            file_cpy[i++] = c;
+        }
+        e++;
+    }
+    file_cpy[i] = '\0';
+    return (const char*)file_cpy;
+}
+
+
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
           EVP_PKEY *key, unsigned char *sigin, int siglen,
           const char *sig_name, const char *md_name,
           const char *file)
 {
-    size_t len;
-    int i;
+    size_t len = BUFSIZE;
+    int i, backslash = 0, ret = 1;
+    unsigned char *sigbuf = NULL;
 
     while (BIO_pending(bp) || !BIO_eof(bp)) {
         i = BIO_read(bp, (char *)buf, BUFSIZE);
         if (i < 0) {
             BIO_printf(bio_err, "Read Error in %s\n", file);
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
         if (i == 0)
             break;
@@ -439,37 +523,51 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
             BIO_printf(out, "Verified OK\n");
         } else if (i == 0) {
             BIO_printf(out, "Verification Failure\n");
-            return 1;
+            goto end;
         } else {
             BIO_printf(bio_err, "Error Verifying Data\n");
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
-        return 0;
+        ret = 0;
+        goto end;
     }
     if (key != NULL) {
         EVP_MD_CTX *ctx;
+        int pkey_len;
         BIO_get_md_ctx(bp, &ctx);
-        len = BUFSIZE;
+        pkey_len = EVP_PKEY_size(key);
+        if (pkey_len > BUFSIZE) {
+            len = pkey_len;
+            sigbuf = app_malloc(len, "Signature buffer");
+            buf = sigbuf;
+        }
         if (!EVP_DigestSignFinal(ctx, buf, &len)) {
             BIO_printf(bio_err, "Error Signing Data\n");
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
     } else {
         len = BIO_gets(bp, (char *)buf, BUFSIZE);
         if ((int)len < 0) {
             ERR_print_errors(bio_err);
-            return 1;
+            goto end;
         }
     }
 
     if (binout) {
         BIO_write(out, buf, len);
     } else if (sep == 2) {
+        file = newline_escape_filename(file, &backslash);
+
+        if (backslash == 1)
+            BIO_puts(out, "\\");
+
         for (i = 0; i < (int)len; i++)
             BIO_printf(out, "%02x", buf[i]);
+
         BIO_printf(out, " *%s\n", file);
+        OPENSSL_free((char *)file);
     } else {
         if (sig_name != NULL) {
             BIO_puts(out, sig_name);
@@ -488,5 +586,11 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
         }
         BIO_printf(out, "\n");
     }
-    return 0;
+
+    ret = 0;
+ end:
+    if (sigbuf != NULL)
+        OPENSSL_clear_free(sigbuf, len);
+
+    return ret;
 }
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index d1772f3eb9f25..ddf51e0dba156 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -50,7 +50,8 @@ typedef enum OPTION_choice {
 
 const OPTIONS enc_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"ciphers", OPT_LIST, '-', "List ciphers"},
+    {"list", OPT_LIST, '-', "List ciphers"},
+    {"ciphers", OPT_LIST, '-', "Alias for -list"},
     {"in", OPT_IN, '<', "Input file"},
     {"out", OPT_OUT, '>', "Output file"},
     {"pass", OPT_PASS, 's', "Passphrase source"},
diff --git a/crypto/openssl/apps/ocsp.c b/crypto/openssl/apps/ocsp.c
index 5d2391816995c..b85a4d82c1bd1 100644
--- a/crypto/openssl/apps/ocsp.c
+++ b/crypto/openssl/apps/ocsp.c
@@ -114,7 +114,7 @@ static int acfd = (int) INVALID_SOCKET;
 static int index_changed(CA_DB *);
 static void spawn_loop(void);
 static int print_syslog(const char *str, size_t len, void *levPtr);
-static void sock_timeout(int signum);
+static void socket_timeout(int signum);
 # endif
 
 # ifndef OPENSSL_NO_SOCK
@@ -597,7 +597,7 @@ int ocsp_main(int argc, char **argv)
     if (multi && acbio != NULL)
         spawn_loop();
     if (acbio != NULL && req_timeout > 0)
-        signal(SIGALRM, sock_timeout);
+        signal(SIGALRM, socket_timeout);
 #endif
 
     if (acbio != NULL)
@@ -1352,7 +1352,7 @@ static int urldecode(char *p)
 # endif
 
 # ifdef OCSP_DAEMON
-static void sock_timeout(int signum)
+static void socket_timeout(int signum)
 {
     if (acfd != (int)INVALID_SOCKET)
         (void)shutdown(acfd, SHUT_RD);
diff --git a/crypto/openssl/apps/openssl.c b/crypto/openssl/apps/openssl.c
index 9648f35b02844..ff7b759a40b1c 100644
--- a/crypto/openssl/apps/openssl.c
+++ b/crypto/openssl/apps/openssl.c
@@ -164,6 +164,13 @@ int main(int argc, char *argv[])
     }
 
     prog = prog_init();
+    if (prog == NULL) {
+        BIO_printf(bio_err,
+                   "FATAL: Startup failure (dev note: prog_init() failed)\n");
+        ERR_print_errors(bio_err);
+        ret = 1;
+        goto end;
+    }
     pname = opt_progname(argv[0]);
 
     /* first check the program name */
diff --git a/crypto/openssl/apps/passwd.c b/crypto/openssl/apps/passwd.c
index aa516c874e656..d741d05335f89 100644
--- a/crypto/openssl/apps/passwd.c
+++ b/crypto/openssl/apps/passwd.c
@@ -807,7 +807,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
             (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
         (*salt_p)[i] = 0;
 # ifdef CHARSET_EBCDIC
-        /* The password encryption funtion will convert back to ASCII */
+        /* The password encryption function will convert back to ASCII */
         ascii2ebcdic(*salt_p, *salt_p, saltlen);
 # endif
     }
diff --git a/crypto/openssl/apps/pkcs12.c b/crypto/openssl/apps/pkcs12.c
index d0600b376043b..3603b60c19b3a 100644
--- a/crypto/openssl/apps/pkcs12.c
+++ b/crypto/openssl/apps/pkcs12.c
@@ -41,6 +41,7 @@ int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
 int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
                          const char *pass, int passlen,
                          int options, char *pempass, const EVP_CIPHER *enc);
+void print_attribute(BIO *out, const ASN1_TYPE *av);
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
                   const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
@@ -878,6 +879,38 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
     return ret;
 }
 
+/* Generalised x509 attribute value print */
+
+void print_attribute(BIO *out, const ASN1_TYPE *av)
+{
+    char *value;
+
+    switch (av->type) {
+    case V_ASN1_BMPSTRING:
+        value = OPENSSL_uni2asc(av->value.bmpstring->data,
+                                av->value.bmpstring->length);
+        BIO_printf(out, "%s\n", value);
+        OPENSSL_free(value);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+        hex_prin(out, av->value.octet_string->data,
+                 av->value.octet_string->length);
+        BIO_printf(out, "\n");
+        break;
+
+    case V_ASN1_BIT_STRING:
+        hex_prin(out, av->value.bit_string->data,
+                 av->value.bit_string->length);
+        BIO_printf(out, "\n");
+        break;
+
+    default:
+        BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+        break;
+    }
+}
+
 /* Generalised attribute print: handle PKCS#8 and bag attributes */
 
 int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
@@ -885,8 +918,7 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
 {
     X509_ATTRIBUTE *attr;
     ASN1_TYPE *av;
-    char *value;
-    int i, attr_nid;
+    int i, j, attr_nid;
     if (!attrlst) {
         BIO_printf(out, "%s: <No Attributes>\n", name);
         return 1;
@@ -910,30 +942,10 @@ int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
         }
 
         if (X509_ATTRIBUTE_count(attr)) {
-            av = X509_ATTRIBUTE_get0_type(attr, 0);
-            switch (av->type) {
-            case V_ASN1_BMPSTRING:
-                value = OPENSSL_uni2asc(av->value.bmpstring->data,
-                                        av->value.bmpstring->length);
-                BIO_printf(out, "%s\n", value);
-                OPENSSL_free(value);
-                break;
-
-            case V_ASN1_OCTET_STRING:
-                hex_prin(out, av->value.octet_string->data,
-                         av->value.octet_string->length);
-                BIO_printf(out, "\n");
-                break;
-
-            case V_ASN1_BIT_STRING:
-                hex_prin(out, av->value.bit_string->data,
-                         av->value.bit_string->length);
-                BIO_printf(out, "\n");
-                break;
-
-            default:
-                BIO_printf(out, "<Unsupported tag %d>\n", av->type);
-                break;
+            for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+            {
+                av = X509_ATTRIBUTE_get0_type(attr, j);
+                print_attribute(out, av);
             }
         } else {
             BIO_printf(out, "<No Values>\n");
diff --git a/crypto/openssl/apps/pkeyutl.c b/crypto/openssl/apps/pkeyutl.c
index 2c4e524b693e4..831e14dab4b39 100644
--- a/crypto/openssl/apps/pkeyutl.c
+++ b/crypto/openssl/apps/pkeyutl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -299,8 +299,7 @@ int pkeyutl_main(int argc, char **argv)
     /* Sanity check the input */
     if (buf_inlen > EVP_MAX_MD_SIZE
             && (pkey_op == EVP_PKEY_OP_SIGN
-                || pkey_op == EVP_PKEY_OP_VERIFY
-                || pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
+                || pkey_op == EVP_PKEY_OP_VERIFY)) {
         BIO_printf(bio_err,
                    "Error: The input data looks too long to be a hash\n");
         goto end;
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index f9d6fba1094da..a603907cd5af5 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -200,9 +200,12 @@ static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
     *p = '\0';
 
     /* Finally have a clean "key"; see if it's there [by attempt to add it]. */
-    if ((p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv))
-        != NULL || lh_OPENSSL_STRING_error(addexts)) {
-        OPENSSL_free(p != NULL ? p : kv);
+    p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv);
+    if (p != NULL) {
+        OPENSSL_free(p);
+        return 1;
+    } else if (lh_OPENSSL_STRING_error(addexts)) {
+        OPENSSL_free(kv);
         return -1;
     }
 
@@ -435,12 +438,14 @@ int req_main(int argc, char **argv)
 
     if (verbose)
         BIO_printf(bio_err, "Using configuration from %s\n", template);
-    req_conf = app_load_config(template);
+    if ((req_conf = app_load_config(template)) == NULL)
+        goto end;
     if (addext_bio) {
         if (verbose)
             BIO_printf(bio_err,
                        "Using additional configuration from command line\n");
-        addext_conf = app_load_config_bio(addext_bio, NULL);
+        if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL)
+            goto end;
     }
     if (template != default_config_file && !app_load_modules(req_conf))
         goto end;
diff --git a/crypto/openssl/apps/s_cb.c b/crypto/openssl/apps/s_cb.c
index 5dc1d03f28837..6406ddfb9e1b2 100644
--- a/crypto/openssl/apps/s_cb.c
+++ b/crypto/openssl/apps/s_cb.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -188,6 +188,7 @@ static STRINT_PAIR cert_type_list[] = {
     {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
     {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
     {"GOST01 Sign", TLS_CT_GOST01_SIGN},
+    {"GOST12 Sign", TLS_CT_GOST12_SIGN},
     {NULL}
 };
 
diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c
index 929a08bd85b06..2248a432e2681 100644
--- a/crypto/openssl/apps/s_server.c
+++ b/crypto/openssl/apps/s_server.c
@@ -180,9 +180,6 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
 }
 #endif
 
-#define TLS13_AES_128_GCM_SHA256_BYTES  ((const unsigned char *)"\x13\x01")
-#define TLS13_AES_256_GCM_SHA384_BYTES  ((const unsigned char *)"\x13\x02")
-
 static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
                                size_t identity_len, SSL_SESSION **sess)
 {
@@ -3208,6 +3205,12 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
                 if (e[0] == ' ')
                     break;
 
+                if (e[0] == ':') {
+                    /* Windows drive. We treat this the same way as ".." */
+                    dot = -1;
+                    break;
+                }
+
                 switch (dot) {
                 case 1:
                     dot = (e[0] == '.') ? 2 : 0;
@@ -3216,11 +3219,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
                     dot = (e[0] == '.') ? 3 : 0;
                     break;
                 case 3:
-                    dot = (e[0] == '/') ? -1 : 0;
+                    dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;
                     break;
                 }
                 if (dot == 0)
-                    dot = (e[0] == '/') ? 1 : 0;
+                    dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;
             }
             dot = (dot == 3) || (dot == -1); /* filename contains ".."
                                               * component */
@@ -3234,11 +3237,11 @@ static int www_body(int s, int stype, int prot, unsigned char *context)
 
             if (dot) {
                 BIO_puts(io, text);
-                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+                BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);
                 break;
             }
 
-            if (*p == '/') {
+            if (*p == '/' || *p == '\\') {
                 BIO_puts(io, text);
                 BIO_printf(io, "'%s' is an invalid path\r\n", p);
                 break;
diff --git a/crypto/openssl/apps/server.pem b/crypto/openssl/apps/server.pem
index d0fc265f04552..b3807591994df 100644
--- a/crypto/openssl/apps/server.pem
+++ b/crypto/openssl/apps/server.pem
@@ -1,52 +1,47 @@
-subject= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = Test Server Cert
-issuer= C = UK, O = OpenSSL Group, OU = FOR TESTING PURPOSES ONLY, CN = OpenSSL Test Intermediate CA
 -----BEGIN CERTIFICATE-----
-MIID5zCCAs+gAwIBAgIJALnu1NlVpZ6zMA0GCSqGSIb3DQEBBQUAMHAxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMSIwIAYDVQQLDBlGT1IgVEVT
-VElORyBQVVJQT1NFUyBPTkxZMSUwIwYDVQQDDBxPcGVuU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTExMTIwODE0MDE0OFoXDTIxMTAxNjE0MDE0OFowZDELMAkG
-A1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxIjAgBgNVBAsMGUZPUiBU
-RVNUSU5HIFBVUlBPU0VTIE9OTFkxGTAXBgNVBAMMEFRlc3QgU2VydmVyIENlcnQw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzhPOSNtyyRspmeuUpxfNJ
-KCLTuf7g3uQ4zu4iHOmRO5TQci+HhVlLZrHF9XqFXcIP0y4pWDbMSGuiorUmzmfi
-R7bfSdI/+qIQt8KXRH6HNG1t8ou0VSvWId5TS5Dq/er5ODUr9OaaDva7EquHIcMv
-vPQGuI+OEAcnleVCy9HVEIySrO4P3CNIicnGkwwiAud05yUAq/gPXBC1hTtmlPD7
-TVcGVSEiJdvzqqlgv02qedGrkki6GY4S7GjZxrrf7Foc2EP+51LJzwLQx3/JfrCU
-41NEWAsu/Sl0tQabXESN+zJ1pDqoZ3uHMgpQjeGiE0olr+YcsSW/tJmiU9OiAr8R
-AgMBAAGjgY8wgYwwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBeAwLAYJYIZI
-AYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQW
-BBSCvM8AABPR9zklmifnr9LvIBturDAfBgNVHSMEGDAWgBQ2w2yI55X+sL3szj49
-hqshgYfa2jANBgkqhkiG9w0BAQUFAAOCAQEAqb1NV0B0/pbpK9Z4/bNjzPQLTRLK
-WnSNm/Jh5v0GEUOE/Beg7GNjNrmeNmqxAlpqWz9qoeoFZax+QBpIZYjROU3TS3fp
-yLsrnlr0CDQ5R7kCCDGa8dkXxemmpZZLbUCpW2Uoy8sAA4JjN9OtsZY7dvUXFgJ7
-vVNTRnI01ghknbtD+2SxSQd3CWF6QhcRMAzZJ1z1cbbwGDDzfvGFPzJ+Sq+zEPds
-xoVLLSetCiBc+40ZcDS5dV98h9XD7JMTQfxzA7mNGv73JoZJA6nFgj+ADSlJsY/t
-JBv+z1iQRueoh9Qeee+ZbRifPouCB8FDx+AltvHTANdAq0t/K3o+pplMVA==
+MIIDJTCCAg2gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
+IENBMCAXDTE2MDExNDIyMjk0NloYDzIxMTYwMTE1MjIyOTQ2WjAZMRcwFQYDVQQD
+DA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANVdYGrf/GHuSKqMEUhDpW22Ul2qmEmxYZI1sfw6BCUMbXn/tNXJ6VwcO+Crs7h9
+o95tveDd11q/FEcRQl6mgtBhwX/dE0bmCYUHDvLU/Bpk0gqtIKsga5bwrczEGVNV
+3AEdpLPvirRJU12KBRzx3OFEv8XX4ncZV1yXC3XuiENxD8pswbSyUKd3RmxYDxG/
+8XYkWq45QrdRZynh0FUwbxfkkeqt+CjCQ2+iZKn7nZiSYkg+6w1PgkqK/z9y7pa1
+rqHBmLrvfZB1bf9aUp6r9cB+0IdD24UHBw99OHr90dPuZR3T6jlqhzfuStPgDW71
+cKzCvfFu85KVXqnwoWWVk40CAwEAAaN9MHswHQYDVR0OBBYEFMDnhL/oWSczELBS
+T1FSLwbWwHrNMB8GA1UdIwQYMBaAFHB/Lq6DaFmYBCMqzes+F80k3QFJMAkGA1Ud
+EwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4
+YW1wbGUwDQYJKoZIhvcNAQELBQADggEBAHvTBEN1ig8RrsT716Ginv4gGNX0LzGI
+RrZ1jO7lm5emuaPNYJpGw0iX5Zdo91qGNXPZaZ75X3S55pQTActq3OPEBOll2pyk
+iyjz+Zp/v5cfRZLlBbFW5gv2R94eibYr4U3fSn4B0yPcl4xH/l/HzJhGDsSDW8qK
+8VIJvmvsPwmL0JMCv+FR59F+NFYZdND/KCXet59WUpF9ICmFCoBEX3EyJXEPwhbi
+X2sdPzJbCjx0HLli8e0HUKNttLQxCsBTRGo6iISLLamwN47mGDa9miBADwGSiz2q
+YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk=
 -----END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA84TzkjbcskbKZnrlKcXzSSgi07n+4N7kOM7uIhzpkTuU0HIv
-h4VZS2axxfV6hV3CD9MuKVg2zEhroqK1Js5n4ke230nSP/qiELfCl0R+hzRtbfKL
-tFUr1iHeU0uQ6v3q+Tg1K/Tmmg72uxKrhyHDL7z0BriPjhAHJ5XlQsvR1RCMkqzu
-D9wjSInJxpMMIgLndOclAKv4D1wQtYU7ZpTw+01XBlUhIiXb86qpYL9NqnnRq5JI
-uhmOEuxo2ca63+xaHNhD/udSyc8C0Md/yX6wlONTRFgLLv0pdLUGm1xEjfsydaQ6
-qGd7hzIKUI3hohNKJa/mHLElv7SZolPTogK/EQIDAQABAoIBAADq9FwNtuE5IRQn
-zGtO4q7Y5uCzZ8GDNYr9RKp+P2cbuWDbvVAecYq2NV9QoIiWJOAYZKklOvekIju3
-r0UZLA0PRiIrTg6NrESx3JrjWDK8QNlUO7CPTZ39/K+FrmMkV9lem9yxjJjyC34D
-AQB+YRTx+l14HppjdxNwHjAVQpIx/uO2F5xAMuk32+3K+pq9CZUtrofe1q4Agj9R
-5s8mSy9pbRo9kW9wl5xdEotz1LivFOEiqPUJTUq5J5PeMKao3vdK726XI4Z455Nm
-W2/MA0YV0ug2FYinHcZdvKM6dimH8GLfa3X8xKRfzjGjTiMSwsdjgMa4awY3tEHH
-674jhAECgYEA/zqMrc0zsbNk83sjgaYIug5kzEpN4ic020rSZsmQxSCerJTgNhmg
-utKSCt0Re09Jt3LqG48msahX8ycqDsHNvlEGPQSbMu9IYeO3Wr3fAm75GEtFWePY
-BhM73I7gkRt4s8bUiUepMG/wY45c5tRF23xi8foReHFFe9MDzh8fJFECgYEA9EFX
-4qAik1pOJGNei9BMwmx0I0gfVEIgu0tzeVqT45vcxbxr7RkTEaDoAG6PlbWP6D9a
-WQNLp4gsgRM90ZXOJ4up5DsAWDluvaF4/omabMA+MJJ5kGZ0gCj5rbZbKqUws7x8
-bp+6iBfUPJUbcqNqFmi/08Yt7vrDnMnyMw2A/sECgYEAiiuRMxnuzVm34hQcsbhH
-6ymVqf7j0PW2qK0F4H1ocT9qhzWFd+RB3kHWrCjnqODQoI6GbGr/4JepHUpre1ex
-4UEN5oSS3G0ru0rC3U4C59dZ5KwDHFm7ffZ1pr52ljfQDUsrjjIMRtuiwNK2OoRa
-WSsqiaL+SDzSB+nBmpnAizECgYBdt/y6rerWUx4MhDwwtTnel7JwHyo2MDFS6/5g
-n8qC2Lj6/fMDRE22w+CA2esp7EJNQJGv+b27iFpbJEDh+/Lf5YzIT4MwVskQ5bYB
-JFcmRxUVmf4e09D7o705U/DjCgMH09iCsbLmqQ38ONIRSHZaJtMDtNTHD1yi+jF+
-OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
-xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
-UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDVXWBq3/xh7kiq
+jBFIQ6VttlJdqphJsWGSNbH8OgQlDG15/7TVyelcHDvgq7O4faPebb3g3ddavxRH
+EUJepoLQYcF/3RNG5gmFBw7y1PwaZNIKrSCrIGuW8K3MxBlTVdwBHaSz74q0SVNd
+igUc8dzhRL/F1+J3GVdclwt17ohDcQ/KbMG0slCnd0ZsWA8Rv/F2JFquOUK3UWcp
+4dBVMG8X5JHqrfgowkNvomSp+52YkmJIPusNT4JKiv8/cu6Wta6hwZi6732QdW3/
+WlKeq/XAftCHQ9uFBwcPfTh6/dHT7mUd0+o5aoc37krT4A1u9XCswr3xbvOSlV6p
+8KFllZONAgMBAAECggEADLTt7A+A2Vg2jamf0dztejY0e42QWjstI2b9PZc67fXq
+gyx+WYkX07t+uWegYWliG/oPJ9guXiIpE/5sJHToL37S5kmFP2CtynVcJ4wVo4DD
+nY0n9+kLX0bgIuS+2V6wpoRcbbbjXM9NHrH8kfe5ftT4UtEDlLI2qLX6IcDd7p4u
+OYjILChR8GSGTw96yIy2Ws/1Uq9PMw64JoT4RcK5QqnkcPMDFRH1SeLOL+zXP2c4
+nEl9yOy3HauZKxwl/Ry/XK1s3DdjopIAU29ut+hAuMiTb06kzZnumL9NoplKoZtU
+otw/gVcCKhT+Ep+p6i8InLF0XEME8A0qUR0niWebgQKBgQD6vkxR49B8ZZQrzjw4
+XKs1lI9cP7cgPiuWlDHMNjYou3WbOaGrMeScvbB1Ldh9A8pjAhxlw8AaV/xs4qcA
+trmVmSISVMVyc1wSGlJXWi2nUzTNs9OE3vj22SyStihf8UUZtWwX2b5Y4JrYhA/V
++ThGGqHR03oLNLShNLtJc2c7YQKBgQDZ1nkibEyrepexw/fnwkw61IJKq9wRIh1G
+PREakhbe9wU5ie0knuf9razt7awzQiwFmlixmWqsM7UEtLuXNnNPciwdrKhhbvrd
+vD/rkbIEHEPllIhFlDtOzn3hRBWTzWmXFjpou/2LvHTSbVis4IYVZymTp2jb1ZLs
+7VbiG9JTrQKBgQDc6n75g1szzpdehQT/r33U5j/syeJBUSU8NPMu9fB/sLHsgjlT
+SNEf2+y1QSBE/Or6kmiMrIv7advn30W+Vj9qc5HWTsPrk4HiHTjA553jl2alebN5
+lK4LZspjtIQcC8mS3goPdXPEgJdM/gWpwzr2YQ6DfOxBJT2j7n64NyoT4QKBgH7/
+yx+GhCx1DHtXBPDZFhg2TL+78lEK0oZgk9gp06up2CHzh44SFq6O0oLkTcCUk5Ww
+poTkLIy4mJBlzfgahp+KsK2cO46SZS9g0ONFzcMXt33hWpE2Gl2XhUwPpYTF/QlY
+rDTjZK5S8Mi9dzVSsNlJi7PJphiEK2R1+nFYRwcBAoGBANWoIG85jpXAOnq/Kcgx
+Rl3YivR0Ke6r1tFlP58rT7X3EkiboXyQl5vLIFCAwUte6RGrLl1dy3Qyh80B9ySL
+Jx6vj42CK7vgv6A96TuVYhnXTnEI6ZvwAQ2VGaw4BizhjALs/kdSE/og9aSCs3ws
+KQypwAFz0tbHxaNag/bSAN0J
+-----END PRIVATE KEY-----
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index 20149506cc746..d4ae7ab7bfded 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -1242,8 +1242,6 @@ static int run_benchmark(int async_jobs,
     OSSL_ASYNC_FD job_fd = 0;
     size_t num_job_fds = 0;
 
-    run = 1;
-
     if (async_jobs == 0) {
         return loop_function((void *)&loopargs);
     }
@@ -2412,7 +2410,7 @@ int speed_main(int argc, char **argv)
             print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
                           lengths[testnum], seconds.sym);
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_128_CML][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++)
                 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                      (size_t)lengths[testnum], &camellia_ks1,
                                      iv, CAMELLIA_ENCRYPT);
@@ -2434,7 +2432,7 @@ int speed_main(int argc, char **argv)
                 exit(1);
             }
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_192_CML][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++)
                 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                      (size_t)lengths[testnum], &camellia_ks2,
                                      iv, CAMELLIA_ENCRYPT);
@@ -2452,7 +2450,7 @@ int speed_main(int argc, char **argv)
             print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
                           lengths[testnum], seconds.sym);
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_256_CML][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++)
                 Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                      (size_t)lengths[testnum], &camellia_ks3,
                                      iv, CAMELLIA_ENCRYPT);
@@ -2472,7 +2470,7 @@ int speed_main(int argc, char **argv)
             print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
                           lengths[testnum], seconds.sym);
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_IDEA][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++)
                 IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                  (size_t)lengths[testnum], &idea_ks,
                                  iv, IDEA_ENCRYPT);
@@ -2492,7 +2490,7 @@ int speed_main(int argc, char **argv)
             print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
                           lengths[testnum], seconds.sym);
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_SEED][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_SEED][testnum]); count++)
                 SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                  (size_t)lengths[testnum], &seed_ks, iv, 1);
             d = Time_F(STOP);
@@ -2515,7 +2513,7 @@ int speed_main(int argc, char **argv)
                 exit(1);
             }
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_RC2][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_RC2][testnum]); count++)
                 RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                 (size_t)lengths[testnum], &rc2_ks,
                                 iv, RC2_ENCRYPT);
@@ -2539,7 +2537,7 @@ int speed_main(int argc, char **argv)
                 exit(1);
             }
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_RC5][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_RC5][testnum]); count++)
                 RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                    (size_t)lengths[testnum], &rc5_ks,
                                    iv, RC5_ENCRYPT);
@@ -2559,7 +2557,7 @@ int speed_main(int argc, char **argv)
             print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
                           lengths[testnum], seconds.sym);
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_BF][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_BF][testnum]); count++)
                 BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                (size_t)lengths[testnum], &bf_ks,
                                iv, BF_ENCRYPT);
@@ -2579,7 +2577,7 @@ int speed_main(int argc, char **argv)
             print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
                           lengths[testnum], seconds.sym);
             Time_F(START);
-            for (count = 0, run = 1; COND(c[D_CBC_CAST][testnum]); count++)
+            for (count = 0; COND(c[D_CBC_CAST][testnum]); count++)
                 CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
                                  (size_t)lengths[testnum], &cast_ks,
                                  iv, CAST_ENCRYPT);
@@ -3006,7 +3004,7 @@ int speed_main(int argc, char **argv)
                 pctx = NULL;
             }
             if (kctx == NULL ||      /* keygen ctx is not null */
-                !EVP_PKEY_keygen_init(kctx) /* init keygen ctx */ ) {
+                EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) {
                 ecdh_checks = 0;
                 BIO_printf(bio_err, "ECDH keygen failure.\n");
                 ERR_print_errors(bio_err);
@@ -3014,12 +3012,12 @@ int speed_main(int argc, char **argv)
                 break;
             }
 
-            if (!EVP_PKEY_keygen(kctx, &key_A) || /* generate secret key A */
-                !EVP_PKEY_keygen(kctx, &key_B) || /* generate secret key B */
+            if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */
+                EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */
                 !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
-                !EVP_PKEY_derive_init(ctx) || /* init derivation ctx */
-                !EVP_PKEY_derive_set_peer(ctx, key_B) || /* set peer pubkey in ctx */
-                !EVP_PKEY_derive(ctx, NULL, &outlen) || /* determine max length */
+                EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */
+                EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */
+                EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */
                 outlen == 0 ||  /* ensure outlen is a valid size */
                 outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
                 ecdh_checks = 0;
@@ -3106,8 +3104,8 @@ int speed_main(int argc, char **argv)
 
             if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL))
                     == NULL
-                || !EVP_PKEY_keygen_init(ed_pctx)
-                || !EVP_PKEY_keygen(ed_pctx, &ed_pkey)) {
+                || EVP_PKEY_keygen_init(ed_pctx) <= 0
+                || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
                 st = 0;
                 EVP_PKEY_CTX_free(ed_pctx);
                 break;
@@ -3395,6 +3393,7 @@ static void print_message(const char *s, long num, int length, int tm)
                mr ? "+DT:%s:%d:%d\n"
                : "Doing %s for %ds on %d size blocks: ", s, tm, length);
     (void)BIO_flush(bio_err);
+    run = 1;
     alarm(tm);
 #else
     BIO_printf(bio_err,
@@ -3412,6 +3411,7 @@ static void pkey_print_message(const char *str, const char *str2, long num,
                mr ? "+DTP:%d:%s:%s:%d\n"
                : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
     (void)BIO_flush(bio_err);
+    run = 1;
     alarm(tm);
 #else
     BIO_printf(bio_err,
@@ -3584,6 +3584,7 @@ static int do_multi(int multi, int size_num)
                 p = buf + 4;
                 k = atoi(sstrsep(&p, sep));
                 sstrsep(&p, sep);
+                sstrsep(&p, sep);
 
                 d = atof(sstrsep(&p, sep));
                 eddsa_results[k][0] += d;
@@ -3641,7 +3642,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
     for (j = 0; j < num; j++) {
         print_message(alg_name, 0, mblengths[j], seconds->sym);
         Time_F(START);
-        for (count = 0, run = 1; run && count < 0x7fffffff; count++) {
+        for (count = 0; run && count < 0x7fffffff; count++) {
             unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
             EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
             size_t len = mblengths[j];
diff --git a/crypto/openssl/apps/timeouts.h b/crypto/openssl/apps/timeouts.h
index e023b0aa49209..7e606cba0b20a 100644
--- a/crypto/openssl/apps/timeouts.h
+++ b/crypto/openssl/apps/timeouts.h
@@ -7,11 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef INCLUDED_TIMEOUTS_H
-# define INCLUDED_TIMEOUTS_H
+#ifndef OSSL_APPS_TIMEOUTS_H
+# define OSSL_APPS_TIMEOUTS_H
 
 /* numbers in us */
 # define DGRAM_RCV_TIMEOUT         250000
 # define DGRAM_SND_TIMEOUT         250000
 
-#endif                          /* ! INCLUDED_TIMEOUTS_H */
+#endif                          /* ! OSSL_APPS_TIMEOUTS_H */
diff --git a/crypto/openssl/apps/ts.c b/crypto/openssl/apps/ts.c
index 930c1daaab6d4..44a8f75d4a370 100644
--- a/crypto/openssl/apps/ts.c
+++ b/crypto/openssl/apps/ts.c
@@ -282,7 +282,8 @@ int ts_main(int argc, char **argv)
         goto end;
     }
 
-    conf = load_config_file(configfile);
+    if ((conf = load_config_file(configfile)) == NULL)
+        goto end;
     if (configfile != default_config_file && !app_load_modules(conf))
         goto end;
 
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index 81291a9a4f90f..5bb110fe4a0a3 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -72,7 +72,7 @@ const OPTIONS x509_options[] = {
     {"outform", OPT_OUTFORM, 'f',
      "Output format - default PEM (one of DER or PEM)"},
     {"out", OPT_OUT, '>', "Output file - default stdout"},
-    {"keyform", OPT_KEYFORM, 'F', "Private key format - default PEM"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
     {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
     {"serial", OPT_SERIAL, '-', "Print serial number value"},
     {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
@@ -107,7 +107,7 @@ const OPTIONS x509_options[] = {
     {"checkend", OPT_CHECKEND, 'M',
      "Check whether the cert expires in the next arg seconds"},
     {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
-    {"signkey", OPT_SIGNKEY, '<', "Self sign cert with arg"},
+    {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},
     {"x509toreq", OPT_X509TOREQ, '-',
      "Output a certification request object"},
     {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
@@ -130,7 +130,7 @@ const OPTIONS x509_options[] = {
     {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
     {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
     {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
-    {"CAkeyform", OPT_CAKEYFORM, 'f', "CA key format - default PEM"},
+    {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"},
     {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
     {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
     {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
@@ -217,7 +217,7 @@ int x509_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_KEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
                 goto opthelp;
             break;
         case OPT_CAFORM:
@@ -225,7 +225,7 @@ int x509_main(int argc, char **argv)
                 goto opthelp;
             break;
         case OPT_CAKEYFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_ANY, &CAkeyformat))
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat))
                 goto opthelp;
             break;
         case OPT_OUT:
diff --git a/crypto/openssl/appveyor.yml b/crypto/openssl/appveyor.yml
index 24966c0faa5ce..242d6a9ffe6fd 100644
--- a/crypto/openssl/appveyor.yml
+++ b/crypto/openssl/appveyor.yml
@@ -1,3 +1,6 @@
+image:
+  - Visual Studio 2017
+
 platform:
     - x64
     - x86
@@ -5,17 +8,24 @@ platform:
 environment:
     fast_finish: true
     matrix:
-        - VSVER: 14
+        - VSVER: 15
 
 configuration:
     - shared
     - plain
+    - minimal
 
 before_build:
     - ps: >-
+        Install-Module VSSetup -Scope CurrentUser
+    - ps: >-
+        Get-VSSetupInstance -All
+    - ps: >-
+        gci env:* | sort-object name
+    - ps: >-
         If ($env:Platform -Match "x86") {
             $env:VCVARS_PLATFORM="x86"
-            $env:TARGET="VC-WIN32 no-asm"
+            $env:TARGET="VC-WIN32 no-asm --strict-warnings"
         } Else {
             $env:VCVARS_PLATFORM="amd64"
             $env:TARGET="VC-WIN64A-masm"
@@ -23,11 +33,12 @@ before_build:
     - ps: >-
         If ($env:Configuration -Match "shared") {
             $env:SHARED="no-makedepend"
+        } ElseIf ($env:Configuration -Match "minimal") {
+            $env:SHARED="no-shared no-dso no-makedepend no-aria no-async no-autoload-config no-blake2 no-bf no-camellia no-cast no-chacha no-cmac no-cms no-comp no-ct no-des no-dgram no-dh no-dsa no-dtls no-ec2m no-engine no-filenames no-gost no-idea no-mdc2 no-md4 no-multiblock no-nextprotoneg no-ocsp no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rmd160 no-seed no-siphash no-sm2 no-sm3 no-sm4 no-srp no-srtp no-ssl3 no-ssl3-method no-ts no-ui-console no-whirlpool no-asm -DOPENSSL_SMALL_FOOTPRINT"
         } Else {
             $env:SHARED="no-shared no-makedepend"
         }
-    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
-    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
+    - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %VCVARS_PLATFORM%
     - mkdir _build
     - cd _build
     - perl ..\Configure %TARGET% %SHARED%
diff --git a/crypto/openssl/build.info b/crypto/openssl/build.info
index 3dda4e89bf5cc..05c9bdd19c566 100644
--- a/crypto/openssl/build.info
+++ b/crypto/openssl/build.info
@@ -9,20 +9,20 @@
      "";
 -}
 LIBS=libcrypto libssl
-INCLUDE[libcrypto]=. crypto/include include
+INCLUDE[libcrypto]=. include
 INCLUDE[libssl]=. include
 DEPEND[libssl]=libcrypto
 
 # Empty DEPEND "indices" means the dependencies are expected to be built
 # unconditionally before anything else.
-DEPEND[]=include/openssl/opensslconf.h crypto/include/internal/bn_conf.h \
-         crypto/include/internal/dso_conf.h
+DEPEND[]=include/openssl/opensslconf.h include/crypto/bn_conf.h \
+         include/crypto/dso_conf.h
 DEPEND[include/openssl/opensslconf.h]=configdata.pm
 GENERATE[include/openssl/opensslconf.h]=include/openssl/opensslconf.h.in
-DEPEND[crypto/include/internal/bn_conf.h]=configdata.pm
-GENERATE[crypto/include/internal/bn_conf.h]=crypto/include/internal/bn_conf.h.in
-DEPEND[crypto/include/internal/dso_conf.h]=configdata.pm
-GENERATE[crypto/include/internal/dso_conf.h]=crypto/include/internal/dso_conf.h.in
+DEPEND[include/crypto/bn_conf.h]=configdata.pm
+GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
+DEPEND[include/crypto/dso_conf.h]=configdata.pm
+GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
 
 IF[{- defined $target{shared_defflag} -}]
   IF[{- $config{target} =~ /^mingw/ -}]
diff --git a/crypto/openssl/config b/crypto/openssl/config
index c1a94d4e42fae..f28828d4826ee 100755
--- a/crypto/openssl/config
+++ b/crypto/openssl/config
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -509,10 +509,7 @@ case "$GUESSOS" in
 	OUT="ios64-cross" ;;
   alpha-*-linux2)
         ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
-	case ${ISA:-generic} in
-	*[678])	OUT="linux-alpha+bwx-$CC" ;;
-	*)	OUT="linux-alpha-$CC" ;;
-	esac
+	OUT="linux-alpha-$CC"
 	if [ "$CC" = "gcc" ]; then
 	    case ${ISA:-generic} in
 	    EV5|EV45)		__CNF_CFLAGS="$__CNF_CFLAGS -mcpu=ev5"
@@ -908,8 +905,12 @@ fi
 
 OUT="$OUT"
 
-$PERL $THERE/Configure LIST | grep "$OUT" > /dev/null
-if [ $? = "0" ]; then
+if [ "$OUT" = "darwin64-x86_64-cc" ]; then
+    echo "WARNING! If you wish to build 32-bit libraries, then you have to"
+    echo "         invoke 'KERNEL_BITS=32 $THERE/config $options'."
+fi
+
+if $PERL $THERE/Configure LIST | grep "$OUT" > /dev/null; then
   if [ "$VERBOSE" = "true" ]; then
     echo /usr/bin/env \
 	 __CNF_CPPDEFINES="'$__CNF_CPPDEFINES'" \
@@ -939,8 +940,5 @@ else
   exit 1
 fi
 
-if [ "$OUT" = "darwin64-x86_64-cc" ]; then
-    echo "WARNING! If you wish to build 32-bit libraries, then you have to"
-    echo "         invoke 'KERNEL_BITS=32 $THERE/config $options'."
-fi
+# Do not add anothing from here on, so we don't lose the Configure exit code
 )
diff --git a/crypto/openssl/crypto/LPdir_unix.c b/crypto/openssl/crypto/LPdir_unix.c
index b1022895c8554..bbbec0aee138a 100644
--- a/crypto/openssl/crypto/LPdir_unix.c
+++ b/crypto/openssl/crypto/LPdir_unix.c
@@ -131,9 +131,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
         return 0;
     }
 
-    strncpy((*ctx)->entry_name, direntry->d_name,
-            sizeof((*ctx)->entry_name) - 1);
-    (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+    OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name,
+                    sizeof((*ctx)->entry_name));
 #ifdef __VMS
     if ((*ctx)->expect_file_generations) {
         char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
diff --git a/crypto/openssl/crypto/aes/aes_core.c b/crypto/openssl/crypto/aes/aes_core.c
index f1f11fd8de7bf..e3e688f528a5d 100644
--- a/crypto/openssl/crypto/aes/aes_core.c
+++ b/crypto/openssl/crypto/aes/aes_core.c
@@ -41,7 +41,7 @@
 #include <stdlib.h>
 #include <openssl/crypto.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 
 #ifndef AES_ASM
 /*-
diff --git a/crypto/openssl/crypto/aes/aes_ecb.c b/crypto/openssl/crypto/aes/aes_ecb.c
index 29bfc1ad66f7a..4fa360ca8b8d7 100644
--- a/crypto/openssl/crypto/aes/aes_ecb.c
+++ b/crypto/openssl/crypto/aes/aes_ecb.c
@@ -10,7 +10,7 @@
 #include <assert.h>
 
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 
 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
                      const AES_KEY *key, const int enc)
diff --git a/crypto/openssl/crypto/aes/aes_ige.c b/crypto/openssl/crypto/aes/aes_ige.c
index 75f796cf3b8fb..dce4ef11be4f7 100644
--- a/crypto/openssl/crypto/aes/aes_ige.c
+++ b/crypto/openssl/crypto/aes/aes_ige.c
@@ -10,7 +10,7 @@
 #include "internal/cryptlib.h"
 
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 
 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
 typedef struct {
diff --git a/crypto/openssl/crypto/aes/aes_locl.h b/crypto/openssl/crypto/aes/aes_local.h
index adee29df8d91a..cc8456861d928 100644
--- a/crypto/openssl/crypto/aes/aes_locl.h
+++ b/crypto/openssl/crypto/aes/aes_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_AES_LOCL_H
-# define HEADER_AES_LOCL_H
+#ifndef OSSL_CRYPTO_AES_LOCAL_H
+# define OSSL_CRYPTO_AES_LOCAL_H
 
 # include <openssl/e_os2.h>
 # include <stdio.h>
@@ -39,4 +39,4 @@ typedef unsigned char u8;
 /* This controls loop-unrolling in aes_core.c */
 # undef FULL_UNROLL
 
-#endif                          /* !HEADER_AES_LOCL_H */
+#endif                          /* !OSSL_CRYPTO_AES_LOCAL_H */
diff --git a/crypto/openssl/crypto/aes/aes_misc.c b/crypto/openssl/crypto/aes/aes_misc.c
index 7403c84f82d24..e0edc72ba71cc 100644
--- a/crypto/openssl/crypto/aes/aes_misc.c
+++ b/crypto/openssl/crypto/aes/aes_misc.c
@@ -9,7 +9,7 @@
 
 #include <openssl/opensslv.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 
 const char *AES_options(void)
 {
diff --git a/crypto/openssl/crypto/aes/aes_x86core.c b/crypto/openssl/crypto/aes/aes_x86core.c
index 1b660d716d6c1..50b53abc12195 100644
--- a/crypto/openssl/crypto/aes/aes_x86core.c
+++ b/crypto/openssl/crypto/aes/aes_x86core.c
@@ -46,7 +46,7 @@
 
 #include <stdlib.h>
 #include <openssl/aes.h>
-#include "aes_locl.h"
+#include "aes_local.h"
 
 /*
  * These two parameters control which table, 256-byte or 2KB, is
diff --git a/crypto/openssl/crypto/aes/asm/aes-armv4.pl b/crypto/openssl/crypto/aes/asm/aes-armv4.pl
index 998158998e906..1112eef50c0b3 100755
--- a/crypto/openssl/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1242,4 +1242,4 @@ while(<SELF>) {
 close SELF;
 
 print $code;
-close STDOUT;	# enforce flush
+close STDOUT or die "error closing STDOUT: $!";	# enforce flush
diff --git a/crypto/openssl/crypto/aes/asm/aes-c64xplus.pl b/crypto/openssl/crypto/aes/asm/aes-c64xplus.pl
index 19d2cc176fb2b..cad3fcd06e367 100755
--- a/crypto/openssl/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1379,4 +1379,4 @@ AES_Td4:
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aes-mips.pl b/crypto/openssl/crypto/aes/asm/aes-mips.pl
index 716c3356ead90..b5601e90ea3fd 100755
--- a/crypto/openssl/crypto/aes/asm/aes-mips.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2167,4 +2167,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aes-parisc.pl b/crypto/openssl/crypto/aes/asm/aes-parisc.pl
index e817c757f8c28..5b07fac3d004b 100755
--- a/crypto/openssl/crypto/aes/asm/aes-parisc.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1035,4 +1035,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aes-ppc.pl b/crypto/openssl/crypto/aes/asm/aes-ppc.pl
index ca69df4c3e95b..bb4ee84ae3374 100755
--- a/crypto/openssl/crypto/aes/asm/aes-ppc.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1456,4 +1456,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aes-s390x.pl b/crypto/openssl/crypto/aes/asm/aes-s390x.pl
index 815fde8fcd7e2..4cb8f43317428 100755
--- a/crypto/openssl/crypto/aes/asm/aes-s390x.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1987,7 +1987,7 @@ $code.=<<___;
 
 .Lxts_enc_done:
 	stg	$sp,$tweak+0($sp)	# wipe tweak
-	stg	$sp,$twesk+8($sp)
+	stg	$sp,$tweak+8($sp)
 	lm${g}	%r6,$ra,6*$SIZE_T($sp)
 	br	$ra
 .size	AES_xts_encrypt,.-AES_xts_encrypt
@@ -2267,7 +2267,7 @@ $code.=<<___;
 	stg	$sp,$tweak-16+8($sp)
 .Lxts_dec_done:
 	stg	$sp,$tweak+0($sp)	# wipe tweak
-	stg	$sp,$twesk+8($sp)
+	stg	$sp,$tweak+8($sp)
 	lm${g}	%r6,$ra,6*$SIZE_T($sp)
 	br	$ra
 .size	AES_xts_decrypt,.-AES_xts_decrypt
@@ -2279,4 +2279,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;	# force flush
+close STDOUT or die "error closing STDOUT: $!";	# force flush
diff --git a/crypto/openssl/crypto/aes/asm/aes-sparcv9.pl b/crypto/openssl/crypto/aes/asm/aes-sparcv9.pl
index 40d1f94ccd721..1b37a9203c275 100755
--- a/crypto/openssl/crypto/aes/asm/aes-sparcv9.pl
+++ b/crypto/openssl/crypto/aes/asm/aes-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1189,4 +1189,4 @@ ___
 $code =~ s/fmovs.*$//gm;
 
 print $code;
-close STDOUT;	# ensure flush
+close STDOUT or die "error closing STDOUT: $!";	# ensure flush
diff --git a/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl
index 9ddf0b4b00ecb..1678c4f786f2c 100755
--- a/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl
+++ b/crypto/openssl/crypto/aes/asm/aesfx-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1267,4 +1267,4 @@ foreach (split("\n",$code)) {
     print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
index 1f356d2d3fbb6..be2434f120415 100755
--- a/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
+++ b/crypto/openssl/crypto/aes/asm/aesni-mb-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -1471,4 +1471,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 $code =~ s/\b(aes.*%xmm[0-9]+).*$/aesni($1)/gem;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
index b01a4c55c86ae..42fe5d469ea6c 100755
--- a/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/crypto/openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -108,7 +108,7 @@ $avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
 $avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	   `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
 	   $1>=10);
-$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/ && $2>=3.0);
+$avx=1 if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/ && $2>=3.0);
 
 $shaext=1;	### set to zero if compiling for 1.0.1
 
@@ -133,6 +133,7 @@ $code.=<<___;
 .type	aesni_cbc_sha1_enc,\@abi-omnipotent
 .align	32
 aesni_cbc_sha1_enc:
+.cfi_startproc
 	# caller should check for SSSE3 and AES-NI bits
 	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
 	mov	OPENSSL_ia32cap_P+4(%rip),%r11
@@ -151,6 +152,7 @@ ___
 $code.=<<___;
 	jmp	aesni_cbc_sha1_enc_ssse3
 	ret
+.cfi_endproc
 .size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
 ___
 
@@ -840,6 +842,7 @@ $code.=<<___;
 .type	aesni256_cbc_sha1_dec,\@abi-omnipotent
 .align	32
 aesni256_cbc_sha1_dec:
+.cfi_startproc
 	# caller should check for SSSE3 and AES-NI bits
 	mov	OPENSSL_ia32cap_P+0(%rip),%r10d
 	mov	OPENSSL_ia32cap_P+4(%rip),%r11d
@@ -854,6 +857,7 @@ ___
 $code.=<<___;
 	jmp	aesni256_cbc_sha1_dec_ssse3
 	ret
+.cfi_endproc
 .size	aesni256_cbc_sha1_dec,.-aesni256_cbc_sha1_dec
 
 .type	aesni256_cbc_sha1_dec_ssse3,\@function,6
@@ -1760,6 +1764,7 @@ $code.=<<___;
 .type	aesni_cbc_sha1_enc_shaext,\@function,6
 .align	32
 aesni_cbc_sha1_enc_shaext:
+.cfi_startproc
 	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
 ___
 $code.=<<___ if ($win64);
@@ -1911,6 +1916,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext
 ___
 						}}}
@@ -2137,4 +2143,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
index ef460237108ec..f1b144eccbdd1 100755
--- a/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
+++ b/crypto/openssl/crypto/aes/asm/aesni-sha256-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -70,7 +70,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=12);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -123,6 +123,7 @@ $code=<<___;
 .type	$func,\@abi-omnipotent
 .align	16
 $func:
+.cfi_startproc
 ___
 						if ($avx) {
 $code.=<<___;
@@ -162,6 +163,7 @@ $code.=<<___;
 	ud2
 .Lprobe:
 	ret
+.cfi_endproc
 .size	$func,.-$func
 
 .align	64
@@ -1084,7 +1086,23 @@ $code.=<<___;
 	vmovdqa	$t0,0x00(%rsp)
 	xor	$a1,$a1
 	vmovdqa	$t1,0x20(%rsp)
+___
+$code.=<<___ if (!$win64);
+# temporarily use %rsi as frame pointer
+        mov     $_rsp,%rsi
+.cfi_def_cfa    %rsi,8
+___
+$code.=<<___;
 	lea	-$PUSH8(%rsp),%rsp
+___
+$code.=<<___ if (!$win64);
+# the frame info is at $_rsp, but the stack is moving...
+# so a second frame pointer is saved at -8(%rsp)
+# that is in the red zone
+        mov     %rsi,-8(%rsp)
+.cfi_cfa_expression     %rsp-8,deref,+8
+___
+$code.=<<___;
 	mov	$B,$a3
 	vmovdqa	$t2,0x00(%rsp)
 	xor	$C,$a3			# magic
@@ -1106,7 +1124,17 @@ my @X = @_;
 my @insns = (&$body,&$body,&$body,&$body);	# 96 instructions
 my $base = "+2*$PUSH8(%rsp)";
 
-	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%2)==0);
+	if (($j%2)==0) {
+	&lea	("%rsp","-$PUSH8(%rsp)");
+$code.=<<___ if (!$win64);
+.cfi_cfa_expression     %rsp+`$PUSH8-8`,deref,+8
+# copy secondary frame pointer to new location again at -8(%rsp)
+        pushq   $PUSH8-8(%rsp)
+.cfi_cfa_expression     %rsp,deref,+8
+        lea     8(%rsp),%rsp
+.cfi_cfa_expression     %rsp-8,deref,+8
+___
+	}
 	foreach (Xupdate_256_AVX()) {		# 29 instructions
 	    eval;
 	    eval(shift(@insns));
@@ -1232,26 +1260,28 @@ $code.=<<___;
 
 	jbe	.Loop_avx2
 	lea	(%rsp),$Tbl
+# temporarily use $Tbl as index to $_rsp
+# this avoids the need to save a secondary frame pointer at -8(%rsp)
+.cfi_cfa_expression     $Tbl+`16*$SZ+7*8`,deref,+8
 
 .Ldone_avx2:
-	lea	($Tbl),%rsp
-	mov	$_ivp,$ivp
-	mov	$_rsp,%rsi
+	mov	16*$SZ+4*8($Tbl),$ivp
+	mov	16*$SZ+7*8($Tbl),%rsi
 .cfi_def_cfa	%rsi,8
 	vmovdqu	$iv,($ivp)		# output IV
 	vzeroall
 ___
 $code.=<<___ if ($win64);
-	movaps	`$framesz+16*0`(%rsp),%xmm6
-	movaps	`$framesz+16*1`(%rsp),%xmm7
-	movaps	`$framesz+16*2`(%rsp),%xmm8
-	movaps	`$framesz+16*3`(%rsp),%xmm9
-	movaps	`$framesz+16*4`(%rsp),%xmm10
-	movaps	`$framesz+16*5`(%rsp),%xmm11
-	movaps	`$framesz+16*6`(%rsp),%xmm12
-	movaps	`$framesz+16*7`(%rsp),%xmm13
-	movaps	`$framesz+16*8`(%rsp),%xmm14
-	movaps	`$framesz+16*9`(%rsp),%xmm15
+	movaps	`$framesz+16*0`($Tbl),%xmm6
+	movaps	`$framesz+16*1`($Tbl),%xmm7
+	movaps	`$framesz+16*2`($Tbl),%xmm8
+	movaps	`$framesz+16*3`($Tbl),%xmm9
+	movaps	`$framesz+16*4`($Tbl),%xmm10
+	movaps	`$framesz+16*5`($Tbl),%xmm11
+	movaps	`$framesz+16*6`($Tbl),%xmm12
+	movaps	`$framesz+16*7`($Tbl),%xmm13
+	movaps	`$framesz+16*8`($Tbl),%xmm14
+	movaps	`$framesz+16*9`($Tbl),%xmm15
 ___
 $code.=<<___;
 	mov	-48(%rsi),%r15
@@ -1339,6 +1369,7 @@ $code.=<<___;
 .type	${func}_shaext,\@function,6
 .align	32
 ${func}_shaext:
+.cfi_startproc
 	mov	`($win64?56:8)`(%rsp),$inp	# load 7th argument
 ___
 $code.=<<___ if ($win64);
@@ -1555,6 +1586,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	${func}_shaext,.-${func}_shaext
 ___
 }
@@ -1767,4 +1799,4 @@ sub rex {
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 $code =~ s/\b(sha256[^\s]*)\s+(.*)/sha256op38($1,$2)/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86.pl b/crypto/openssl/crypto/aes/asm/aesni-x86.pl
index b351fca28e023..fe2b26542ab6c 100755
--- a/crypto/openssl/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/openssl/crypto/aes/asm/aesni-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -3412,4 +3412,4 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl b/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
index b68c14da60ca1..f8c2e2393438c 100755
--- a/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
+++ b/crypto/openssl/crypto/aes/asm/aesni-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -59,7 +59,7 @@
 # nothing one can do and the result appears optimal. CCM result is
 # identical to CBC, because CBC-MAC is essentially CBC encrypt without
 # saving output. CCM CTR "stays invisible," because it's neatly
-# interleaved wih CBC-MAC. This provides ~30% improvement over
+# interleaved with CBC-MAC. This provides ~30% improvement over
 # "straightforward" CCM implementation with CTR and CBC-MAC performed
 # disjointly. Parallelizable modes practically achieve the theoretical
 # limit.
@@ -984,6 +984,7 @@ $code.=<<___;
 .type	aesni_ccm64_encrypt_blocks,\@function,6
 .align	16
 aesni_ccm64_encrypt_blocks:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
@@ -1066,6 +1067,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
 ___
 ######################################################################
@@ -1074,6 +1076,7 @@ $code.=<<___;
 .type	aesni_ccm64_decrypt_blocks,\@function,6
 .align	16
 aesni_ccm64_decrypt_blocks:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	-0x58(%rsp),%rsp
@@ -1173,6 +1176,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
 ___
 }
@@ -2339,7 +2343,7 @@ $code.=<<___;
 	movdqu	`16*0`($inp),$inout0		# load input
 	movdqa	$rndkey0,$twmask
 	movdqu	`16*1`($inp),$inout1
-	pxor	@tweak[0],$inout0		# intput^=tweak^round[0]
+	pxor	@tweak[0],$inout0		# input^=tweak^round[0]
 	movdqu	`16*2`($inp),$inout2
 	pxor	@tweak[1],$inout1
 	 aesdec		$rndkey1,$inout0
@@ -3031,6 +3035,7 @@ $code.=<<___;
 .type	__ocb_encrypt6,\@abi-omnipotent
 .align	32
 __ocb_encrypt6:
+.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3128,11 +3133,13 @@ __ocb_encrypt6:
 	aesenclast	@offset[4],$inout4
 	aesenclast	@offset[5],$inout5
 	ret
+.cfi_endproc
 .size	__ocb_encrypt6,.-__ocb_encrypt6
 
 .type	__ocb_encrypt4,\@abi-omnipotent
 .align	32
 __ocb_encrypt4:
+.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3197,11 +3204,13 @@ __ocb_encrypt4:
 	aesenclast	@offset[2],$inout2
 	aesenclast	@offset[3],$inout3
 	ret
+.cfi_endproc
 .size	__ocb_encrypt4,.-__ocb_encrypt4
 
 .type	__ocb_encrypt1,\@abi-omnipotent
 .align	32
 __ocb_encrypt1:
+.cfi_startproc
 	 pxor		@offset[5],$inout5	# offset_i
 	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
 	pxor		$inout0,$checksum	# accumulate checksum
@@ -3232,6 +3241,7 @@ __ocb_encrypt1:
 
 	aesenclast	$inout5,$inout0
 	ret
+.cfi_endproc
 .size	__ocb_encrypt1,.-__ocb_encrypt1
 
 .globl	aesni_ocb_decrypt
@@ -3513,6 +3523,7 @@ $code.=<<___;
 .type	__ocb_decrypt6,\@abi-omnipotent
 .align	32
 __ocb_decrypt6:
+.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3604,11 +3615,13 @@ __ocb_decrypt6:
 	aesdeclast	@offset[4],$inout4
 	aesdeclast	@offset[5],$inout5
 	ret
+.cfi_endproc
 .size	__ocb_decrypt6,.-__ocb_decrypt6
 
 .type	__ocb_decrypt4,\@abi-omnipotent
 .align	32
 __ocb_decrypt4:
+.cfi_startproc
 	 pxor		$rndkey0l,@offset[5]	# offset_i ^ round[0]
 	 movdqu		($L_p,$i1),@offset[1]
 	 movdqa		@offset[0],@offset[2]
@@ -3669,11 +3682,13 @@ __ocb_decrypt4:
 	aesdeclast	@offset[2],$inout2
 	aesdeclast	@offset[3],$inout3
 	ret
+.cfi_endproc
 .size	__ocb_decrypt4,.-__ocb_decrypt4
 
 .type	__ocb_decrypt1,\@abi-omnipotent
 .align	32
 __ocb_decrypt1:
+.cfi_startproc
 	 pxor		@offset[5],$inout5	# offset_i
 	 pxor		$rndkey0l,$inout5	# offset_i ^ round[0]
 	pxor		$inout5,$inout0		# input ^ round[0] ^ offset_i
@@ -3703,6 +3718,7 @@ __ocb_decrypt1:
 
 	aesdeclast	$inout5,$inout0
 	ret
+.cfi_endproc
 .size	__ocb_decrypt1,.-__ocb_decrypt1
 ___
 } }}
@@ -4637,7 +4653,6 @@ __aesni_set_encrypt_key:
 	add	\$8,%rsp
 .cfi_adjust_cfa_offset	-8
 	ret
-.cfi_endproc
 .LSEH_end_set_encrypt_key:
 
 .align	16
@@ -4708,6 +4723,7 @@ __aesni_set_encrypt_key:
 	shufps	\$0b10101010,%xmm1,%xmm1	# critical path
 	xorps	%xmm1,%xmm2
 	ret
+.cfi_endproc
 .size	${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key
 .size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
 ___
@@ -4812,7 +4828,7 @@ ctr_xts_se_handler:
 	mov	56($disp),%r11		# disp->HandlerData
 
 	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue lable
+	lea	(%rsi,%r10),%r10	# prologue label
 	cmp	%r10,%rbx		# context->Rip<prologue label
 	jb	.Lcommon_seh_tail
 
@@ -4856,7 +4872,7 @@ ocb_se_handler:
 	mov	56($disp),%r11		# disp->HandlerData
 
 	mov	0(%r11),%r10d		# HandlerData[0]
-	lea	(%rsi,%r10),%r10	# prologue lable
+	lea	(%rsi,%r10),%r10	# prologue label
 	cmp	%r10,%rbx		# context->Rip<prologue label
 	jb	.Lcommon_seh_tail
 
@@ -5138,4 +5154,4 @@ $code =~ s/\bmovbe\s+%eax,\s*([0-9]+)\(%rsp\)/movbe($1)/gem;
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
index c0da1b84aaa95..22a538f9e24f2 100755
--- a/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/openssl/crypto/aes/asm/aesp8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -3804,4 +3804,4 @@ foreach(split("\n",$code)) {
         print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aest4-sparcv9.pl b/crypto/openssl/crypto/aes/asm/aest4-sparcv9.pl
index 54d0c58821a7f..478c97eb6feb7 100755
--- a/crypto/openssl/crypto/aes/asm/aest4-sparcv9.pl
+++ b/crypto/openssl/crypto/aes/asm/aest4-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -926,4 +926,4 @@ ___
 
 &emit_assembler();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
index fe5bc0d4dcc72..ebaf05c9d6d65 100755
--- a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1008,4 +1008,4 @@ if ($flavour =~ /64/) {			######## 64-bit code
     }
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl b/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl
index bfe825af0d92b..2b9f241ce8b09 100755
--- a/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl
+++ b/crypto/openssl/crypto/aes/asm/bsaes-armv7.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2488,4 +2488,4 @@ close SELF;
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl b/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl
index e38288af5558a..7a9ffbd7d94c1 100755
--- a/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl
+++ b/crypto/openssl/crypto/aes/asm/vpaes-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1274,4 +1274,4 @@ ___
 }	}
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/vpaes-ppc.pl b/crypto/openssl/crypto/aes/asm/vpaes-ppc.pl
index 3c771a7e98b1c..0260a5c9bff01 100755
--- a/crypto/openssl/crypto/aes/asm/vpaes-ppc.pl
+++ b/crypto/openssl/crypto/aes/asm/vpaes-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1591,4 +1591,4 @@ foreach  (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/vpaes-x86.pl b/crypto/openssl/crypto/aes/asm/vpaes-x86.pl
index 7d57edc0eb6c1..fb02a413345a4 100755
--- a/crypto/openssl/crypto/aes/asm/vpaes-x86.pl
+++ b/crypto/openssl/crypto/aes/asm/vpaes-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -913,4 +913,4 @@ $k_dsbo=0x2c0;		# decryption sbox final output
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl b/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
index 33d293e623d5b..099a686a4d5d7 100755
--- a/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
+++ b/crypto/openssl/crypto/aes/asm/vpaes-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1238,4 +1238,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/aria/aria.c b/crypto/openssl/crypto/aria/aria.c
index 293bcc72bd03b..ce55d52664295 100644
--- a/crypto/openssl/crypto/aria/aria.c
+++ b/crypto/openssl/crypto/aria/aria.c
@@ -19,7 +19,7 @@
  */
 
 #include <openssl/e_os2.h>
-#include "internal/aria.h"
+#include "crypto/aria.h"
 
 #include <assert.h>
 #include <string.h>
diff --git a/crypto/openssl/crypto/arm64cpuid.pl b/crypto/openssl/crypto/arm64cpuid.pl
index 06c8add7a0756..319927e6c729e 100755
--- a/crypto/openssl/crypto/arm64cpuid.pl
+++ b/crypto/openssl/crypto/arm64cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -144,4 +144,4 @@ CRYPTO_memcmp:
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/arm_arch.h b/crypto/openssl/crypto/arm_arch.h
index f11b543df64f0..8b7105571d78a 100644
--- a/crypto/openssl/crypto/arm_arch.h
+++ b/crypto/openssl/crypto/arm_arch.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef __ARM_ARCH_H__
-# define __ARM_ARCH_H__
+#ifndef OSSL_CRYPTO_ARM_ARCH_H
+# define OSSL_CRYPTO_ARM_ARCH_H
 
 # if !defined(__ARM_ARCH__)
 #  if defined(__CC_ARM)
diff --git a/crypto/openssl/crypto/armv4cpuid.pl b/crypto/openssl/crypto/armv4cpuid.pl
index ab007c19c3cd0..d1b71f836f10a 100755
--- a/crypto/openssl/crypto/armv4cpuid.pl
+++ b/crypto/openssl/crypto/armv4cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -293,4 +293,4 @@ atomic_add_spinlock:
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/asn1/a_bitstr.c b/crypto/openssl/crypto/asn1/a_bitstr.c
index bffbd160a233e..f462dd107368c 100644
--- a/crypto/openssl/crypto/asn1/a_bitstr.c
+++ b/crypto/openssl/crypto/asn1/a_bitstr.c
@@ -11,7 +11,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 {
diff --git a/crypto/openssl/crypto/asn1/a_d2i_fp.c b/crypto/openssl/crypto/asn1/a_d2i_fp.c
index a1a17901b8f8c..a452b3deba088 100644
--- a/crypto/openssl/crypto/asn1/a_d2i_fp.c
+++ b/crypto/openssl/crypto/asn1/a_d2i_fp.c
@@ -13,7 +13,7 @@
 #include "internal/numbers.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 
 #ifndef NO_OLD_ASN1
 # ifndef OPENSSL_NO_STDIO
diff --git a/crypto/openssl/crypto/asn1/a_gentm.c b/crypto/openssl/crypto/asn1/a_gentm.c
index d3878d6e57fe4..133bbb1581cb6 100644
--- a/crypto/openssl/crypto/asn1/a_gentm.c
+++ b/crypto/openssl/crypto/asn1/a_gentm.c
@@ -15,7 +15,7 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /* This is the primary function used to parse ASN1_GENERALIZEDTIME */
 int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
diff --git a/crypto/openssl/crypto/asn1/a_int.c b/crypto/openssl/crypto/asn1/a_int.c
index 70a45cb3cc770..9c1a9f52b5e67 100644
--- a/crypto/openssl/crypto/asn1/a_int.c
+++ b/crypto/openssl/crypto/asn1/a_int.c
@@ -13,7 +13,7 @@
 #include <limits.h>
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 {
diff --git a/crypto/openssl/crypto/asn1/a_mbstr.c b/crypto/openssl/crypto/asn1/a_mbstr.c
index 949fe6c1611ac..bdb697ab30c15 100644
--- a/crypto/openssl/crypto/asn1/a_mbstr.c
+++ b/crypto/openssl/crypto/asn1/a_mbstr.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
diff --git a/crypto/openssl/crypto/asn1/a_object.c b/crypto/openssl/crypto/asn1/a_object.c
index 5e1424a806fbd..d67a723c96116 100644
--- a/crypto/openssl/crypto/asn1/a_object.c
+++ b/crypto/openssl/crypto/asn1/a_object.c
@@ -9,14 +9,14 @@
 
 #include <stdio.h>
 #include <limits.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/bn.h>
-#include "internal/asn1_int.h"
-#include "asn1_locl.h"
+#include "crypto/asn1.h"
+#include "asn1_local.h"
 
 int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
 {
diff --git a/crypto/openssl/crypto/asn1/a_print.c b/crypto/openssl/crypto/asn1/a_print.c
index 8a373d9da9f61..85a631a27aa70 100644
--- a/crypto/openssl/crypto/asn1/a_print.c
+++ b/crypto/openssl/crypto/asn1/a_print.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
 
diff --git a/crypto/openssl/crypto/asn1/a_sign.c b/crypto/openssl/crypto/asn1/a_sign.c
index 146fdb9626281..72381b665551b 100644
--- a/crypto/openssl/crypto/asn1/a_sign.c
+++ b/crypto/openssl/crypto/asn1/a_sign.c
@@ -18,8 +18,8 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 #ifndef NO_ASN1_OLD
 
diff --git a/crypto/openssl/crypto/asn1/a_strex.c b/crypto/openssl/crypto/asn1/a_strex.c
index ea4dd1c5b189e..4879b33785e97 100644
--- a/crypto/openssl/crypto/asn1/a_strex.c
+++ b/crypto/openssl/crypto/asn1/a_strex.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "internal/cryptlib.h"
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
diff --git a/crypto/openssl/crypto/asn1/a_time.c b/crypto/openssl/crypto/asn1/a_time.c
index c36dd9500169f..54e0de1931c23 100644
--- a/crypto/openssl/crypto/asn1/a_time.c
+++ b/crypto/openssl/crypto/asn1/a_time.c
@@ -16,10 +16,10 @@
 
 #include <stdio.h>
 #include <time.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
 
diff --git a/crypto/openssl/crypto/asn1/a_type.c b/crypto/openssl/crypto/asn1/a_type.c
index 732328e050498..4a96315df03b9 100644
--- a/crypto/openssl/crypto/asn1/a_type.c
+++ b/crypto/openssl/crypto/asn1/a_type.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 int ASN1_TYPE_get(const ASN1_TYPE *a)
 {
diff --git a/crypto/openssl/crypto/asn1/a_utctm.c b/crypto/openssl/crypto/asn1/a_utctm.c
index b224991aa3df1..0ff37b16c51fb 100644
--- a/crypto/openssl/crypto/asn1/a_utctm.c
+++ b/crypto/openssl/crypto/asn1/a_utctm.c
@@ -11,7 +11,7 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /* This is the primary function used to parse ASN1_UTCTIME */
 int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
diff --git a/crypto/openssl/crypto/asn1/a_verify.c b/crypto/openssl/crypto/asn1/a_verify.c
index cdaf17c3cbc1b..4b5f54234fa55 100644
--- a/crypto/openssl/crypto/asn1/a_verify.c
+++ b/crypto/openssl/crypto/asn1/a_verify.c
@@ -18,8 +18,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 #ifndef NO_ASN1_OLD
 
diff --git a/crypto/openssl/crypto/asn1/ameth_lib.c b/crypto/openssl/crypto/asn1/ameth_lib.c
index d7d270dbb5819..5e8c3ed1d5b0e 100644
--- a/crypto/openssl/crypto/asn1/ameth_lib.c
+++ b/crypto/openssl/crypto/asn1/ameth_lib.c
@@ -13,8 +13,8 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/engine.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 #include "standard_methods.h"
 
diff --git a/crypto/openssl/crypto/asn1/asn1_lib.c b/crypto/openssl/crypto/asn1/asn1_lib.c
index 88c4b53918026..a7d32ae5e2c3c 100644
--- a/crypto/openssl/crypto/asn1/asn1_lib.c
+++ b/crypto/openssl/crypto/asn1/asn1_lib.c
@@ -11,7 +11,7 @@
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/asn1.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
                            long max);
diff --git a/crypto/openssl/crypto/asn1/asn1_locl.h b/crypto/openssl/crypto/asn1/asn1_local.h
index cec141721b348..cec141721b348 100644
--- a/crypto/openssl/crypto/asn1/asn1_locl.h
+++ b/crypto/openssl/crypto/asn1/asn1_local.h
diff --git a/crypto/openssl/crypto/asn1/asn1_par.c b/crypto/openssl/crypto/asn1/asn1_par.c
index 4b60c615de764..3f10c7cb94c56 100644
--- a/crypto/openssl/crypto/asn1/asn1_par.c
+++ b/crypto/openssl/crypto/asn1/asn1_par.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -75,6 +75,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
     int nl, hl, j, r;
     ASN1_OBJECT *o = NULL;
     ASN1_OCTET_STRING *os = NULL;
+    ASN1_INTEGER *ai = NULL;
+    ASN1_ENUMERATED *ae = NULL;
     /* ASN1_BMPSTRING *bmp=NULL; */
     int dump_indent, dump_cont = 0;
 
@@ -250,22 +252,21 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                 ASN1_OCTET_STRING_free(os);
                 os = NULL;
             } else if (tag == V_ASN1_INTEGER) {
-                ASN1_INTEGER *bs;
                 int i;
 
                 opp = op;
-                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
-                if (bs != NULL) {
+                ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+                if (ai != NULL) {
                     if (BIO_write(bp, ":", 1) <= 0)
                         goto end;
-                    if (bs->type == V_ASN1_NEG_INTEGER)
+                    if (ai->type == V_ASN1_NEG_INTEGER)
                         if (BIO_write(bp, "-", 1) <= 0)
                             goto end;
-                    for (i = 0; i < bs->length; i++) {
-                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                    for (i = 0; i < ai->length; i++) {
+                        if (BIO_printf(bp, "%02X", ai->data[i]) <= 0)
                             goto end;
                     }
-                    if (bs->length == 0) {
+                    if (ai->length == 0) {
                         if (BIO_write(bp, "00", 2) <= 0)
                             goto end;
                     }
@@ -274,24 +275,24 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                         goto end;
                     dump_cont = 1;
                 }
-                ASN1_INTEGER_free(bs);
+                ASN1_INTEGER_free(ai);
+                ai = NULL;
             } else if (tag == V_ASN1_ENUMERATED) {
-                ASN1_ENUMERATED *bs;
                 int i;
 
                 opp = op;
-                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
-                if (bs != NULL) {
+                ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+                if (ae != NULL) {
                     if (BIO_write(bp, ":", 1) <= 0)
                         goto end;
-                    if (bs->type == V_ASN1_NEG_ENUMERATED)
+                    if (ae->type == V_ASN1_NEG_ENUMERATED)
                         if (BIO_write(bp, "-", 1) <= 0)
                             goto end;
-                    for (i = 0; i < bs->length; i++) {
-                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                    for (i = 0; i < ae->length; i++) {
+                        if (BIO_printf(bp, "%02X", ae->data[i]) <= 0)
                             goto end;
                     }
-                    if (bs->length == 0) {
+                    if (ae->length == 0) {
                         if (BIO_write(bp, "00", 2) <= 0)
                             goto end;
                     }
@@ -300,7 +301,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
                         goto end;
                     dump_cont = 1;
                 }
-                ASN1_ENUMERATED_free(bs);
+                ASN1_ENUMERATED_free(ae);
+                ae = NULL;
             } else if (len > 0 && dump) {
                 if (!nl) {
                     if (BIO_write(bp, "\n", 1) <= 0)
@@ -341,6 +343,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
  end:
     ASN1_OBJECT_free(o);
     ASN1_OCTET_STRING_free(os);
+    ASN1_INTEGER_free(ai);
+    ASN1_ENUMERATED_free(ae);
     *pp = p;
     return ret;
 }
diff --git a/crypto/openssl/crypto/asn1/asn_mime.c b/crypto/openssl/crypto/asn1/asn_mime.c
index dfd5be6347543..38735cd86f3ea 100644
--- a/crypto/openssl/crypto/asn1/asn_mime.c
+++ b/crypto/openssl/crypto/asn1/asn_mime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,15 +8,15 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 #include "internal/bio.h"
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /*
  * Generalised MIME like utilities for streaming ASN1. Although many have a
@@ -198,6 +198,14 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
             BIO_puts(out, "gostr3411-94");
             goto err;
 
+        case NID_id_GostR3411_2012_256:
+            BIO_puts(out, "gostr3411-2012-256");
+            goto err;
+
+        case NID_id_GostR3411_2012_512:
+            BIO_puts(out, "gostr3411-2012-512");
+            goto err;
+
         default:
             if (have_unknown)
                 write_comma = 0;
diff --git a/crypto/openssl/crypto/asn1/asn_moid.c b/crypto/openssl/crypto/asn1/asn_moid.c
index 68a01f31179ef..732ce972aa295 100644
--- a/crypto/openssl/crypto/asn1/asn_moid.c
+++ b/crypto/openssl/crypto/asn1/asn_moid.c
@@ -8,13 +8,13 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509.h>
-#include "internal/asn1_int.h"
-#include "internal/objects.h"
+#include "crypto/asn1.h"
+#include "crypto/objects.h"
 
 /* Simple ASN1 OID module: add all objects in a given section */
 
diff --git a/crypto/openssl/crypto/asn1/charmap.h b/crypto/openssl/crypto/asn1/charmap.h
index f15d72d73661d..cac354c6bf33b 100644
--- a/crypto/openssl/crypto/asn1/charmap.h
+++ b/crypto/openssl/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/asn1/d2i_pr.c b/crypto/openssl/crypto/asn1/d2i_pr.c
index aa0d6ad6aed07..6ec0107380493 100644
--- a/crypto/openssl/crypto/asn1/d2i_pr.c
+++ b/crypto/openssl/crypto/asn1/d2i_pr.c
@@ -15,8 +15,8 @@
 #include <openssl/engine.h>
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
                          long length)
diff --git a/crypto/openssl/crypto/asn1/d2i_pu.c b/crypto/openssl/crypto/asn1/d2i_pu.c
index 7bc16c7bceb40..8327ac16ca9c7 100644
--- a/crypto/openssl/crypto/asn1/d2i_pu.c
+++ b/crypto/openssl/crypto/asn1/d2i_pu.c
@@ -17,7 +17,7 @@
 #include <openssl/dsa.h>
 #include <openssl/ec.h>
 
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
                         long length)
diff --git a/crypto/openssl/crypto/asn1/f_int.c b/crypto/openssl/crypto/asn1/f_int.c
index 6d6bddc651cc7..3a18381173d42 100644
--- a/crypto/openssl/crypto/asn1/f_int.c
+++ b/crypto/openssl/crypto/asn1/f_int.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
diff --git a/crypto/openssl/crypto/asn1/f_string.c b/crypto/openssl/crypto/asn1/f_string.c
index f893489a67198..53dfec71b5d40 100644
--- a/crypto/openssl/crypto/asn1/f_string.c
+++ b/crypto/openssl/crypto/asn1/f_string.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
diff --git a/crypto/openssl/crypto/asn1/i2d_pr.c b/crypto/openssl/crypto/asn1/i2d_pr.c
index 445b0c84251fe..0374c0bfbdc00 100644
--- a/crypto/openssl/crypto/asn1/i2d_pr.c
+++ b/crypto/openssl/crypto/asn1/i2d_pr.c
@@ -11,8 +11,8 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 {
diff --git a/crypto/openssl/crypto/asn1/p8_pkey.c b/crypto/openssl/crypto/asn1/p8_pkey.c
index dbee827e0d378..ab509b1ac976d 100644
--- a/crypto/openssl/crypto/asn1/p8_pkey.c
+++ b/crypto/openssl/crypto/asn1/p8_pkey.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 /* Minor tweak to operation: zero private key data */
 static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
diff --git a/crypto/openssl/crypto/asn1/t_pkey.c b/crypto/openssl/crypto/asn1/t_pkey.c
index 3b2c9df8917f4..651622aedc8ff 100644
--- a/crypto/openssl/crypto/asn1/t_pkey.c
+++ b/crypto/openssl/crypto/asn1/t_pkey.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
-#include "internal/bn_int.h"
+#include "crypto/bn.h"
 
 /* Number of octets per line */
 #define ASN1_BUF_PRINT_WIDTH    15
diff --git a/crypto/openssl/crypto/asn1/tasn_dec.c b/crypto/openssl/crypto/asn1/tasn_dec.c
index c2a521ed51800..2332b204edc1c 100644
--- a/crypto/openssl/crypto/asn1/tasn_dec.c
+++ b/crypto/openssl/crypto/asn1/tasn_dec.c
@@ -15,7 +15,7 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include "internal/numbers.h"
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 
 /*
diff --git a/crypto/openssl/crypto/asn1/tasn_enc.c b/crypto/openssl/crypto/asn1/tasn_enc.c
index 30be314ff982a..d600c7a538041 100644
--- a/crypto/openssl/crypto/asn1/tasn_enc.c
+++ b/crypto/openssl/crypto/asn1/tasn_enc.c
@@ -13,8 +13,8 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-#include "internal/asn1_int.h"
-#include "asn1_locl.h"
+#include "crypto/asn1.h"
+#include "asn1_local.h"
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
                                  const ASN1_ITEM *it, int tag, int aclass);
diff --git a/crypto/openssl/crypto/asn1/tasn_fre.c b/crypto/openssl/crypto/asn1/tasn_fre.c
index bbce489fe0036..2916bef7863af 100644
--- a/crypto/openssl/crypto/asn1/tasn_fre.c
+++ b/crypto/openssl/crypto/asn1/tasn_fre.c
@@ -11,7 +11,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /* Free up an ASN1 structure */
 
diff --git a/crypto/openssl/crypto/asn1/tasn_new.c b/crypto/openssl/crypto/asn1/tasn_new.c
index 6b8ea8ddd74db..287f2af33b583 100644
--- a/crypto/openssl/crypto/asn1/tasn_new.c
+++ b/crypto/openssl/crypto/asn1/tasn_new.c
@@ -13,7 +13,7 @@
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include <string.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                int embed);
diff --git a/crypto/openssl/crypto/asn1/tasn_prn.c b/crypto/openssl/crypto/asn1/tasn_prn.c
index 1fb66f1062ba6..56d5ea0f39e37 100644
--- a/crypto/openssl/crypto/asn1/tasn_prn.c
+++ b/crypto/openssl/crypto/asn1/tasn_prn.c
@@ -15,8 +15,8 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
-#include "internal/asn1_int.h"
-#include "asn1_locl.h"
+#include "crypto/asn1.h"
+#include "asn1_local.h"
 
 /*
  * Print routines.
diff --git a/crypto/openssl/crypto/asn1/tasn_scn.c b/crypto/openssl/crypto/asn1/tasn_scn.c
index e1df2cfcae042..f0f218ae8bbe0 100644
--- a/crypto/openssl/crypto/asn1/tasn_scn.c
+++ b/crypto/openssl/crypto/asn1/tasn_scn.c
@@ -15,7 +15,7 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 #include <openssl/x509v3.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /*
  * General ASN1 structure recursive scanner: iterate through all fields
diff --git a/crypto/openssl/crypto/asn1/tasn_utl.c b/crypto/openssl/crypto/asn1/tasn_utl.c
index 7ceecffce7582..a448685e19a9b 100644
--- a/crypto/openssl/crypto/asn1/tasn_utl.c
+++ b/crypto/openssl/crypto/asn1/tasn_utl.c
@@ -15,7 +15,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 #include <openssl/err.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /* Utility functions for manipulating fields and offsets */
 
diff --git a/crypto/openssl/crypto/asn1/x_algor.c b/crypto/openssl/crypto/asn1/x_algor.c
index 853d45b8bc8aa..4c4a718850eed 100644
--- a/crypto/openssl/crypto/asn1/x_algor.c
+++ b/crypto/openssl/crypto/asn1/x_algor.c
@@ -11,7 +11,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 ASN1_SEQUENCE(X509_ALGOR) = {
         ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
diff --git a/crypto/openssl/crypto/asn1/x_bignum.c b/crypto/openssl/crypto/asn1/x_bignum.c
index 6c93ea7510da1..c6b3accd3a105 100644
--- a/crypto/openssl/crypto/asn1/x_bignum.c
+++ b/crypto/openssl/crypto/asn1/x_bignum.c
@@ -82,7 +82,7 @@ static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    if (!*pval)
+    if (*pval == NULL)
         return;
     if (it->size & BN_SENSITIVE)
         BN_clear_free((BIGNUM *)*pval);
@@ -96,7 +96,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
 {
     BIGNUM *bn;
     int pad;
-    if (!*pval)
+    if (*pval == NULL)
         return -1;
     bn = (BIGNUM *)*pval;
     /* If MSB set in an octet we need a padding byte */
@@ -133,7 +133,7 @@ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
     int ret;
     BIGNUM *bn;
 
-    if (!*pval && !bn_secure_new(pval, it))
+    if (*pval == NULL && !bn_secure_new(pval, it))
         return 0;
 
     ret = bn_c2i(pval, cont, len, utype, free_cont, it);
diff --git a/crypto/openssl/crypto/asn1/x_int64.c b/crypto/openssl/crypto/asn1/x_int64.c
index 0ee552cf0a488..96c1a259e1fe4 100644
--- a/crypto/openssl/crypto/asn1/x_int64.c
+++ b/crypto/openssl/crypto/asn1/x_int64.c
@@ -12,7 +12,7 @@
 #include "internal/numbers.h"
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
-#include "asn1_locl.h"
+#include "asn1_local.h"
 
 /*
  * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
diff --git a/crypto/openssl/crypto/asn1/x_sig.c b/crypto/openssl/crypto/asn1/x_sig.c
index e465cf2d4d103..fb24e240cba8e 100644
--- a/crypto/openssl/crypto/asn1/x_sig.c
+++ b/crypto/openssl/crypto/asn1/x_sig.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 ASN1_SEQUENCE(X509_SIG) = {
         ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
diff --git a/crypto/openssl/crypto/async/arch/async_null.c b/crypto/openssl/crypto/async/arch/async_null.c
index 3eaf170f2e507..26801f8731307 100644
--- a/crypto/openssl/crypto/async/arch/async_null.c
+++ b/crypto/openssl/crypto/async/arch/async_null.c
@@ -8,7 +8,7 @@
  */
 
 /* This must be the first #include file */
-#include "../async_locl.h"
+#include "../async_local.h"
 
 #ifdef ASYNC_NULL
 int ASYNC_is_capable(void)
diff --git a/crypto/openssl/crypto/async/arch/async_posix.c b/crypto/openssl/crypto/async/arch/async_posix.c
index 02c342d3dfa93..95678d4fa686a 100644
--- a/crypto/openssl/crypto/async/arch/async_posix.c
+++ b/crypto/openssl/crypto/async/arch/async_posix.c
@@ -8,7 +8,7 @@
  */
 
 /* This must be the first #include file */
-#include "../async_locl.h"
+#include "../async_local.h"
 
 #ifdef ASYNC_POSIX
 
diff --git a/crypto/openssl/crypto/async/arch/async_posix.h b/crypto/openssl/crypto/async/arch/async_posix.h
index 62449fe60e04f..873c0316ddf3f 100644
--- a/crypto/openssl/crypto/async/arch/async_posix.h
+++ b/crypto/openssl/crypto/async/arch/async_posix.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
-#define OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H
+#ifndef OSSL_CRYPTO_ASYNC_POSIX_H
+#define OSSL_CRYPTO_ASYNC_POSIX_H
 #include <openssl/e_os2.h>
 
 #if defined(OPENSSL_SYS_UNIX) \
@@ -55,4 +55,4 @@ void async_fibre_free(async_fibre *fibre);
 
 # endif
 #endif
-#endif /* OPENSSL_ASYNC_ARCH_ASYNC_POSIX_H */
+#endif /* OSSL_CRYPTO_ASYNC_POSIX_H */
diff --git a/crypto/openssl/crypto/async/async.c b/crypto/openssl/crypto/async/async.c
index 1d83e4576f814..326015c605e96 100644
--- a/crypto/openssl/crypto/async/async.c
+++ b/crypto/openssl/crypto/async/async.c
@@ -16,10 +16,10 @@
 #undef _FORTIFY_SOURCE
 
 /* This must be the first #include file */
-#include "async_locl.h"
+#include "async_local.h"
 
 #include <openssl/err.h>
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include <string.h>
 
 #define ASYNC_JOB_RUNNING   0
diff --git a/crypto/openssl/crypto/async/async_locl.h b/crypto/openssl/crypto/async/async_local.h
index d7790293f74f5..dd1a85e02684a 100644
--- a/crypto/openssl/crypto/async/async_locl.h
+++ b/crypto/openssl/crypto/async/async_local.h
@@ -20,7 +20,7 @@
 # include <windows.h>
 #endif
 
-#include "internal/async.h"
+#include "crypto/async.h"
 #include <openssl/crypto.h>
 
 typedef struct async_ctx_st async_ctx;
diff --git a/crypto/openssl/crypto/async/async_wait.c b/crypto/openssl/crypto/async/async_wait.c
index b23e43e8c8624..7723f949a67eb 100644
--- a/crypto/openssl/crypto/async/async_wait.c
+++ b/crypto/openssl/crypto/async/async_wait.c
@@ -8,7 +8,7 @@
  */
 
 /* This must be the first #include file */
-#include "async_locl.h"
+#include "async_local.h"
 
 #include <openssl/err.h>
 
diff --git a/crypto/openssl/crypto/bf/asm/bf-586.pl b/crypto/openssl/crypto/bf/asm/bf-586.pl
index 4e913aecf42da..cddc17bddafa9 100644
--- a/crypto/openssl/crypto/bf/asm/bf-586.pl
+++ b/crypto/openssl/crypto/bf/asm/bf-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ $tmp4="edx";
 &cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1);
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub BF_encrypt
 	{
diff --git a/crypto/openssl/crypto/bf/bf_cfb64.c b/crypto/openssl/crypto/bf/bf_cfb64.c
index ce6e13b5a4cc3..12332c540d666 100644
--- a/crypto/openssl/crypto/bf/bf_cfb64.c
+++ b/crypto/openssl/crypto/bf/bf_cfb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/blowfish.h>
-#include "bf_locl.h"
+#include "bf_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/bf/bf_ecb.c b/crypto/openssl/crypto/bf/bf_ecb.c
index dc1becdbe4ed0..38e784cc2dad7 100644
--- a/crypto/openssl/crypto/bf/bf_ecb.c
+++ b/crypto/openssl/crypto/bf/bf_ecb.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/blowfish.h>
-#include "bf_locl.h"
+#include "bf_local.h"
 #include <openssl/opensslv.h>
 
 /*
diff --git a/crypto/openssl/crypto/bf/bf_enc.c b/crypto/openssl/crypto/bf/bf_enc.c
index 67c0d78aec5cb..423a4697a51e0 100644
--- a/crypto/openssl/crypto/bf/bf_enc.c
+++ b/crypto/openssl/crypto/bf/bf_enc.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/blowfish.h>
-#include "bf_locl.h"
+#include "bf_local.h"
 
 /*
  * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
diff --git a/crypto/openssl/crypto/bf/bf_locl.h b/crypto/openssl/crypto/bf/bf_local.h
index b1a415e5132c1..8c76976fa4d92 100644
--- a/crypto/openssl/crypto/bf/bf_locl.h
+++ b/crypto/openssl/crypto/bf/bf_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_BF_LOCL_H
-# define HEADER_BF_LOCL_H
+#ifndef OSSL_CRYPTO_BF_LOCAL_H
+# define OSSL_CRYPTO_BF_LOCAL_H
 # include <openssl/opensslconf.h>
 
 /* NOTE - c is not incremented as per n2l */
diff --git a/crypto/openssl/crypto/bf/bf_ofb64.c b/crypto/openssl/crypto/bf/bf_ofb64.c
index 6418217b307d6..5d75401fcca5d 100644
--- a/crypto/openssl/crypto/bf/bf_ofb64.c
+++ b/crypto/openssl/crypto/bf/bf_ofb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/blowfish.h>
-#include "bf_locl.h"
+#include "bf_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/bf/bf_skey.c b/crypto/openssl/crypto/bf/bf_skey.c
index a4903a2a71de5..ed29cf9153a4b 100644
--- a/crypto/openssl/crypto/bf/bf_skey.c
+++ b/crypto/openssl/crypto/bf/bf_skey.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <openssl/blowfish.h>
-#include "bf_locl.h"
+#include "bf_local.h"
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
diff --git a/crypto/openssl/crypto/bio/b_addr.c b/crypto/openssl/crypto/bio/b_addr.c
index dd5008e636a47..d11268b6dc594 100644
--- a/crypto/openssl/crypto/bio/b_addr.c
+++ b/crypto/openssl/crypto/bio/b_addr.c
@@ -10,7 +10,7 @@
 #include <assert.h>
 #include <string.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include <openssl/crypto.h>
 
 #ifndef OPENSSL_NO_SOCK
@@ -22,7 +22,7 @@ CRYPTO_RWLOCK *bio_lookup_lock;
 static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
 
 /*
- * Throughout this file and bio_lcl.h, the existence of the macro
+ * Throughout this file and bio_local.h, the existence of the macro
  * AI_PASSIVE is used to detect the availability of struct addrinfo,
  * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
  * we use our own implementation instead, using gethostbyname,
@@ -694,9 +694,11 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
             hints.ai_flags |= AI_PASSIVE;
 
         /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
-         * macro magic in bio_lcl.h
+         * macro magic in bio_local.h
          */
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
       retry:
+# endif
         switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
 # ifdef EAI_SYSTEM
         case EAI_SYSTEM:
diff --git a/crypto/openssl/crypto/bio/b_dump.c b/crypto/openssl/crypto/bio/b_dump.c
index 0d06414e7d912..f175e244b2330 100644
--- a/crypto/openssl/crypto/bio/b_dump.c
+++ b/crypto/openssl/crypto/bio/b_dump.c
@@ -12,7 +12,7 @@
  */
 
 #include <stdio.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 
 #define DUMP_WIDTH      16
 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
@@ -36,8 +36,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
 
     if (indent < 0)
         indent = 0;
-    else if (indent > 128)
-        indent = 128;
+    else if (indent > 64)
+        indent = 64;
 
     dump_width = DUMP_WIDTH_LESS_INDENT(indent);
     rows = len / dump_width;
diff --git a/crypto/openssl/crypto/bio/b_print.c b/crypto/openssl/crypto/bio/b_print.c
index 9e907fcaa778c..8ef90ac1d4f8b 100644
--- a/crypto/openssl/crypto/bio/b_print.c
+++ b/crypto/openssl/crypto/bio/b_print.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "internal/cryptlib.h"
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/numbers.h"
 #include <openssl/bio.h>
 
diff --git a/crypto/openssl/crypto/bio/b_sock.c b/crypto/openssl/crypto/bio/b_sock.c
index e7a24d02cbe5b..df431e6d523d4 100644
--- a/crypto/openssl/crypto/bio/b_sock.c
+++ b/crypto/openssl/crypto/bio/b_sock.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #ifndef OPENSSL_NO_SOCK
 # define SOCKET_PROTOCOL IPPROTO_TCP
 # ifdef SO_MAXCONN
diff --git a/crypto/openssl/crypto/bio/b_sock2.c b/crypto/openssl/crypto/bio/b_sock2.c
index 5d82ab22dc304..335dfabc6180d 100644
--- a/crypto/openssl/crypto/bio/b_sock2.c
+++ b/crypto/openssl/crypto/bio/b_sock2.c
@@ -11,7 +11,7 @@
 #include <stdlib.h>
 #include <errno.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 
 #include <openssl/err.h>
 
diff --git a/crypto/openssl/crypto/bio/bf_buff.c b/crypto/openssl/crypto/bio/bf_buff.c
index 8e87a629b8b54..51ae1f918d877 100644
--- a/crypto/openssl/crypto/bio/bf_buff.c
+++ b/crypto/openssl/crypto/bio/bf_buff.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 static int buffer_write(BIO *h, const char *buf, int num);
diff --git a/crypto/openssl/crypto/bio/bf_lbuf.c b/crypto/openssl/crypto/bio/bf_lbuf.c
index 194c7b8af7137..72f9901813ea7 100644
--- a/crypto/openssl/crypto/bio/bf_lbuf.c
+++ b/crypto/openssl/crypto/bio/bf_lbuf.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 
diff --git a/crypto/openssl/crypto/bio/bf_nbio.c b/crypto/openssl/crypto/bio/bf_nbio.c
index 4bc84eeba659c..dd7011ab669f0 100644
--- a/crypto/openssl/crypto/bio/bf_nbio.c
+++ b/crypto/openssl/crypto/bio/bf_nbio.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 
diff --git a/crypto/openssl/crypto/bio/bf_null.c b/crypto/openssl/crypto/bio/bf_null.c
index 613fb2e0583dd..48c6be692a5d4 100644
--- a/crypto/openssl/crypto/bio/bf_null.c
+++ b/crypto/openssl/crypto/bio/bf_null.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 /*
diff --git a/crypto/openssl/crypto/bio/bio_cb.c b/crypto/openssl/crypto/bio/bio_cb.c
index 1154c233afd8d..a153100a88254 100644
--- a/crypto/openssl/crypto/bio/bio_cb.c
+++ b/crypto/openssl/crypto/bio/bio_cb.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/err.h>
 
diff --git a/crypto/openssl/crypto/bio/bio_lib.c b/crypto/openssl/crypto/bio/bio_lib.c
index ca375b911ae8b..d2202e537b30a 100644
--- a/crypto/openssl/crypto/bio/bio_lib.c
+++ b/crypto/openssl/crypto/bio/bio_lib.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <errno.h>
 #include <openssl/crypto.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 
diff --git a/crypto/openssl/crypto/bio/bio_lcl.h b/crypto/openssl/crypto/bio/bio_local.h
index e2c05a20de6cb..8b2122129396d 100644
--- a/crypto/openssl/crypto/bio/bio_lcl.h
+++ b/crypto/openssl/crypto/bio/bio_local.h
@@ -27,11 +27,11 @@
  * For clarity, we check for internal/cryptlib.h since it's a common header
  * that also includes bio.h.
  */
-# ifdef HEADER_CRYPTLIB_H
-#  error internal/cryptlib.h included before bio_lcl.h
+# ifdef OSSL_INTERNAL_CRYPTLIB_H
+#  error internal/cryptlib.h included before bio_local.h
 # endif
 # ifdef HEADER_BIO_H
-#  error openssl/bio.h included before bio_lcl.h
+#  error openssl/bio.h included before bio_local.h
 # endif
 
 /*
diff --git a/crypto/openssl/crypto/bio/bio_meth.c b/crypto/openssl/crypto/bio/bio_meth.c
index 493ff63a9012b..da116461922eb 100644
--- a/crypto/openssl/crypto/bio/bio_meth.c
+++ b/crypto/openssl/crypto/bio/bio_meth.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/thread_once.h"
 
 CRYPTO_RWLOCK *bio_type_lock = NULL;
diff --git a/crypto/openssl/crypto/bio/bss_acpt.c b/crypto/openssl/crypto/bio/bss_acpt.c
index 993e5903a04fa..b38e47a592f44 100644
--- a/crypto/openssl/crypto/bio/bss_acpt.c
+++ b/crypto/openssl/crypto/bio/bss_acpt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 
 #ifndef OPENSSL_NO_SOCK
 
@@ -527,7 +527,12 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
         break;
     case BIO_CTRL_DUP:
         break;
-
+    case BIO_CTRL_EOF:
+        if (b->next_bio == NULL)
+            ret = 0;
+        else
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
     default:
         ret = 0;
         break;
diff --git a/crypto/openssl/crypto/bio/bss_bio.c b/crypto/openssl/crypto/bio/bss_bio.c
index e34382c557814..c97349e432825 100644
--- a/crypto/openssl/crypto/bio/bss_bio.c
+++ b/crypto/openssl/crypto/bio/bss_bio.c
@@ -21,7 +21,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include <openssl/err.h>
 #include <openssl/crypto.h>
 
diff --git a/crypto/openssl/crypto/bio/bss_conn.c b/crypto/openssl/crypto/bio/bss_conn.c
index e9673fe783369..dd43a406018ca 100644
--- a/crypto/openssl/crypto/bio/bss_conn.c
+++ b/crypto/openssl/crypto/bio/bss_conn.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <errno.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 
 #ifndef OPENSSL_NO_SOCK
 
@@ -54,6 +54,7 @@ void BIO_CONNECT_free(BIO_CONNECT *a);
 #define BIO_CONN_S_CONNECT               4
 #define BIO_CONN_S_OK                    5
 #define BIO_CONN_S_BLOCKED_CONNECT       6
+#define BIO_CONN_S_CONNECT_ERROR         7
 
 static const BIO_METHOD methods_connectp = {
     BIO_TYPE_CONNECT,
@@ -174,7 +175,8 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                     ERR_add_error_data(4,
                                        "hostname=", c->param_hostname,
                                        " service=", c->param_service);
-                    BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+                    c->state = BIO_CONN_S_CONNECT_ERROR;
+                    break;
                 }
                 goto exit_loop;
             } else {
@@ -197,6 +199,11 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
                 c->state = BIO_CONN_S_OK;
             break;
 
+        case BIO_CONN_S_CONNECT_ERROR:
+            BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+            ret = 0;
+            goto exit_loop;
+
         case BIO_CONN_S_OK:
             ret = 1;
             goto exit_loop;
@@ -309,6 +316,8 @@ static int conn_read(BIO *b, char *out, int outl)
         if (ret <= 0) {
             if (BIO_sock_should_retry(ret))
                 BIO_set_retry_read(b);
+            else if (ret == 0)
+                b->flags |= BIO_FLAGS_IN_EOF;
         }
     }
     return ret;
@@ -488,6 +497,9 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
             *fptr = data->info_callback;
         }
         break;
+    case BIO_CTRL_EOF:
+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+        break;
     default:
         ret = 0;
         break;
diff --git a/crypto/openssl/crypto/bio/bss_dgram.c b/crypto/openssl/crypto/bio/bss_dgram.c
index 551821609f731..942fd8b514be3 100644
--- a/crypto/openssl/crypto/bio/bss_dgram.c
+++ b/crypto/openssl/crypto/bio/bss_dgram.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <errno.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 #ifndef OPENSSL_NO_DGRAM
 
 # ifndef OPENSSL_NO_SCTP
diff --git a/crypto/openssl/crypto/bio/bss_fd.c b/crypto/openssl/crypto/bio/bss_fd.c
index 5bc539c90b961..ccbe1626baf22 100644
--- a/crypto/openssl/crypto/bio/bss_fd.c
+++ b/crypto/openssl/crypto/bio/bss_fd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <errno.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 
 #if defined(OPENSSL_NO_POSIX_IO)
 /*
@@ -123,6 +123,8 @@ static int fd_read(BIO *b, char *out, int outl)
         if (ret <= 0) {
             if (BIO_fd_should_retry(ret))
                 BIO_set_retry_read(b);
+            else if (ret == 0)
+                b->flags |= BIO_FLAGS_IN_EOF;
         }
     }
     return ret;
@@ -186,6 +188,9 @@ static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_FLUSH:
         ret = 1;
         break;
+    case BIO_CTRL_EOF:
+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+        break;
     default:
         ret = 0;
         break;
diff --git a/crypto/openssl/crypto/bio/bss_file.c b/crypto/openssl/crypto/bio/bss_file.c
index a210205597601..1a70ce7994049 100644
--- a/crypto/openssl/crypto/bio/bss_file.c
+++ b/crypto/openssl/crypto/bio/bss_file.c
@@ -27,7 +27,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include <openssl/err.h>
 
 #if !defined(OPENSSL_NO_STDIO)
diff --git a/crypto/openssl/crypto/bio/bss_log.c b/crypto/openssl/crypto/bio/bss_log.c
index e9ab932ec2953..b9579faaa2a57 100644
--- a/crypto/openssl/crypto/bio/bss_log.c
+++ b/crypto/openssl/crypto/bio/bss_log.c
@@ -19,7 +19,7 @@
 #include <stdio.h>
 #include <errno.h>
 
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 #if defined(OPENSSL_SYS_WINCE)
diff --git a/crypto/openssl/crypto/bio/bss_mem.c b/crypto/openssl/crypto/bio/bss_mem.c
index 2d536e9db05f4..7cb4a57813fdc 100644
--- a/crypto/openssl/crypto/bio/bss_mem.c
+++ b/crypto/openssl/crypto/bio/bss_mem.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 static int mem_write(BIO *h, const char *buf, int num);
diff --git a/crypto/openssl/crypto/bio/bss_null.c b/crypto/openssl/crypto/bio/bss_null.c
index 08f1d2bc98a37..e73ce7841d413 100644
--- a/crypto/openssl/crypto/bio/bss_null.c
+++ b/crypto/openssl/crypto/bio/bss_null.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 static int null_write(BIO *h, const char *buf, int num);
diff --git a/crypto/openssl/crypto/bio/bss_sock.c b/crypto/openssl/crypto/bio/bss_sock.c
index ad38453201f17..6251f3d46a177 100644
--- a/crypto/openssl/crypto/bio/bss_sock.c
+++ b/crypto/openssl/crypto/bio/bss_sock.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "bio_lcl.h"
+#include "bio_local.h"
 #include "internal/cryptlib.h"
 
 #ifndef OPENSSL_NO_SOCK
@@ -101,6 +101,8 @@ static int sock_read(BIO *b, char *out, int outl)
         if (ret <= 0) {
             if (BIO_sock_should_retry(ret))
                 BIO_set_retry_read(b);
+            else if (ret == 0)
+                b->flags |= BIO_FLAGS_IN_EOF;
         }
     }
     return ret;
@@ -151,6 +153,9 @@ static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
     case BIO_CTRL_FLUSH:
         ret = 1;
         break;
+    case BIO_CTRL_EOF:
+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+        break;
     default:
         ret = 0;
         break;
diff --git a/crypto/openssl/crypto/blake2/blake2_locl.h b/crypto/openssl/crypto/blake2/blake2_local.h
index 926bae944c174..926bae944c174 100644
--- a/crypto/openssl/crypto/blake2/blake2_locl.h
+++ b/crypto/openssl/crypto/blake2/blake2_local.h
diff --git a/crypto/openssl/crypto/blake2/blake2b.c b/crypto/openssl/crypto/blake2/blake2b.c
index 4b353dd498bb0..fc6e5f1a3f3cc 100644
--- a/crypto/openssl/crypto/blake2/blake2b.c
+++ b/crypto/openssl/crypto/blake2/blake2b.c
@@ -18,7 +18,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 
-#include "blake2_locl.h"
+#include "blake2_local.h"
 #include "blake2_impl.h"
 
 static const uint64_t blake2b_IV[8] =
diff --git a/crypto/openssl/crypto/blake2/blake2s.c b/crypto/openssl/crypto/blake2/blake2s.c
index 8211374d123f1..d072e05ca3643 100644
--- a/crypto/openssl/crypto/blake2/blake2s.c
+++ b/crypto/openssl/crypto/blake2/blake2s.c
@@ -18,7 +18,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 
-#include "blake2_locl.h"
+#include "blake2_local.h"
 #include "blake2_impl.h"
 
 static const uint32_t blake2s_IV[8] =
diff --git a/crypto/openssl/crypto/blake2/m_blake2b.c b/crypto/openssl/crypto/blake2/m_blake2b.c
index c493648c3cd08..ce4d8f95652f4 100644
--- a/crypto/openssl/crypto/blake2/m_blake2b.c
+++ b/crypto/openssl/crypto/blake2/m_blake2b.c
@@ -20,8 +20,8 @@
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "blake2_locl.h"
-# include "internal/evp_int.h"
+# include "blake2_local.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/blake2/m_blake2s.c b/crypto/openssl/crypto/blake2/m_blake2s.c
index 83b2811e44328..b8fb048b30bf9 100644
--- a/crypto/openssl/crypto/blake2/m_blake2s.c
+++ b/crypto/openssl/crypto/blake2/m_blake2s.c
@@ -20,8 +20,8 @@
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "blake2_locl.h"
-# include "internal/evp_int.h"
+# include "blake2_local.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/bn/README.pod b/crypto/openssl/crypto/bn/README.pod
index 706a140342cd6..5d5c4fa99fa10 100644
--- a/crypto/openssl/crypto/bn/README.pod
+++ b/crypto/openssl/crypto/bn/README.pod
@@ -188,7 +188,7 @@ B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
 
 The implementations use the following macros which, depending on the
 architecture, may use "long long" C operations or inline assembler.
-They are defined in C<bn_lcl.h>.
+They are defined in C<bn_local.h>.
 
 mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
 low word of the result in B<r> and the high word in B<c>.
diff --git a/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl b/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl
index 7a0cdb2e8a009..3a83cb855007d 100755
--- a/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/openssl/crypto/bn/asm/armv4-gf2m.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -329,4 +329,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;   # enforce flush
+close STDOUT or die "error closing STDOUT: $!";   # enforce flush
diff --git a/crypto/openssl/crypto/bn/asm/armv4-mont.pl b/crypto/openssl/crypto/bn/asm/armv4-mont.pl
index 6bedc62ba62de..eadc8bbf63228 100755
--- a/crypto/openssl/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/armv4-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -754,4 +754,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/armv8-mont.pl b/crypto/openssl/crypto/bn/asm/armv8-mont.pl
index d8347bf932492..bc9a18dc4ce6c 100755
--- a/crypto/openssl/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/armv8-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1511,4 +1511,4 @@ ___
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/openssl/crypto/bn/asm/bn-586.pl
index 58effc8808dd4..e0422405d5f31 100644
--- a/crypto/openssl/crypto/bn/asm/bn-586.pl
+++ b/crypto/openssl/crypto/bn/asm/bn-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -31,7 +31,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub bn_mul_add_words
 	{
diff --git a/crypto/openssl/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/openssl/crypto/bn/asm/c64xplus-gf2m.pl
index 9c46da3af8d1f..3bb8d120e96a4 100755
--- a/crypto/openssl/crypto/bn/asm/c64xplus-gf2m.pl
+++ b/crypto/openssl/crypto/bn/asm/c64xplus-gf2m.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -157,4 +157,4 @@ $code.=<<___;
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/co-586.pl b/crypto/openssl/crypto/bn/asm/co-586.pl
index 97f5e3a19fc43..3c34fa885c307 100644
--- a/crypto/openssl/crypto/bn/asm/co-586.pl
+++ b/crypto/openssl/crypto/bn/asm/co-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -22,7 +22,7 @@ open STDOUT,">$output";
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub mul_add_c
 	{
@@ -39,17 +39,17 @@ sub mul_add_c
 
 	&mul("edx");
 	&add($c0,"eax");
-	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# laod next a
+	 &mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 0;	# load next a
 	 &mov("eax",&wparam(0)) if $pos > 0;			# load r[]
 	 ###
 	&adc($c1,"edx");
-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# laod next b
-	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# laod next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 0;	# load next b
+	 &mov("edx",&DWP(($nb)*4,$b,"",0)) if $pos == 1;	# load next b
 	 ###
 	&adc($c2,0);
 	 # is pos > 1, it means it is the last loop
 	 &mov(&DWP($i*4,"eax","",0),$c0) if $pos > 0;		# save r[];
-	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# laod next a
+	&mov("eax",&DWP(($na)*4,$a,"",0)) if $pos == 1;		# load next a
 	}
 
 sub sqr_add_c
diff --git a/crypto/openssl/crypto/bn/asm/ia64-mont.pl b/crypto/openssl/crypto/bn/asm/ia64-mont.pl
index ec486f77792be..7a4e74d719429 100755
--- a/crypto/openssl/crypto/bn/asm/ia64-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/ia64-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -857,4 +857,4 @@ ___
 
 open STDOUT,">$output" if $output;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/mips-mont.pl b/crypto/openssl/crypto/bn/asm/mips-mont.pl
index fbe5d04f716c9..3b79a4b186d77 100755
--- a/crypto/openssl/crypto/bn/asm/mips-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/mips-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -430,4 +430,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/mips.pl b/crypto/openssl/crypto/bn/asm/mips.pl
index a205189eb684f..8ad715bda4d4e 100755
--- a/crypto/openssl/crypto/bn/asm/mips.pl
+++ b/crypto/openssl/crypto/bn/asm/mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2260,4 +2260,4 @@ $code.=<<___;
 .end	bn_sqr_comba4
 ___
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/parisc-mont.pl b/crypto/openssl/crypto/bn/asm/parisc-mont.pl
index aa9f626ed2676..6a7c714a156ee 100755
--- a/crypto/openssl/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/parisc-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1003,4 +1003,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/ppc-mont.pl b/crypto/openssl/crypto/bn/asm/ppc-mont.pl
index ec7e019a4380f..278314c57bd60 100755
--- a/crypto/openssl/crypto/bn/asm/ppc-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/ppc-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1987,4 +1987,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/ppc.pl b/crypto/openssl/crypto/bn/asm/ppc.pl
index d6d4e66f92e95..a8d3f14e9b8ee 100644
--- a/crypto/openssl/crypto/bn/asm/ppc.pl
+++ b/crypto/openssl/crypto/bn/asm/ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2009,4 +2009,4 @@ Lppcasm_maw_adios:
 EOF
 $data =~ s/\`([^\`]*)\`/eval $1/gem;
 print $data;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/ppc64-mont.pl b/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
index c41b620bc23ec..b55fd46c824fb 100755
--- a/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/ppc64-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1649,4 +1649,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl b/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
index 85cd73c668bdd..9b54f9d9ed3ce 100755
--- a/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
+++ b/crypto/openssl/crypto/bn/asm/rsaz-avx2.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2012, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$avx = ($ver>=3.0) + ($ver>=3.01);
 	$addx = ($ver>=3.03);
@@ -1979,4 +1979,4 @@ rsaz_1024_gather5_avx2:
 ___
 }}}
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl b/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl
index b1797b649f003..8172dace74ee7 100755
--- a/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/openssl/crypto/bn/asm/rsaz-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2012, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
@@ -81,7 +81,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
 
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
@@ -116,7 +116,7 @@ rsaz_512_sqr:				# 25-29% faster than rsaz_512_mul
 	subq	\$128+24, %rsp
 .cfi_adjust_cfa_offset	128+24
 .Lsqr_body:
-	movq	$mod, %rbp		# common argument
+	movq	$mod, %xmm1		# common off-load
 	movq	($inp), %rdx
 	movq	8($inp), %rax
 	movq	$n0, 128(%rsp)
@@ -134,7 +134,8 @@ $code.=<<___;
 .Loop_sqr:
 	movl	$times,128+8(%rsp)
 #first iteration
-	movq	%rdx, %rbx
+	movq	%rdx, %rbx		# 0($inp)
+	mov	%rax, %rbp		# 8($inp)
 	mulq	%rdx
 	movq	%rax, %r8
 	movq	16($inp), %rax
@@ -173,31 +174,29 @@ $code.=<<___;
 	mulq	%rbx
 	addq	%rax, %r14
 	movq	%rbx, %rax
-	movq	%rdx, %r15
-	adcq	\$0, %r15
+	adcq	\$0, %rdx
 
-	addq	%r8, %r8		#shlq	\$1, %r8
-	movq	%r9, %rcx
-	adcq	%r9, %r9		#shld	\$1, %r8, %r9
+	xorq	%rcx,%rcx		# rcx:r8 = r8 << 1
+	addq	%r8, %r8
+	 movq	%rdx, %r15
+	adcq	\$0, %rcx
 
 	mulq	%rax
-	movq	%rax, (%rsp)
-	addq	%rdx, %r8
-	adcq	\$0, %r9
+	addq	%r8, %rdx
+	adcq	\$0, %rcx
 
-	movq	%r8, 8(%rsp)
-	shrq	\$63, %rcx
+	movq	%rax, (%rsp)
+	movq	%rdx, 8(%rsp)
 
 #second iteration
-	movq	8($inp), %r8
 	movq	16($inp), %rax
-	mulq	%r8
+	mulq	%rbp
 	addq	%rax, %r10
 	movq	24($inp), %rax
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
-	mulq	%r8
+	mulq	%rbp
 	addq	%rax, %r11
 	movq	32($inp), %rax
 	adcq	\$0, %rdx
@@ -205,7 +204,7 @@ $code.=<<___;
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
-	mulq	%r8
+	mulq	%rbp
 	addq	%rax, %r12
 	movq	40($inp), %rax
 	adcq	\$0, %rdx
@@ -213,7 +212,7 @@ $code.=<<___;
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
-	mulq	%r8
+	mulq	%rbp
 	addq	%rax, %r13
 	movq	48($inp), %rax
 	adcq	\$0, %rdx
@@ -221,7 +220,7 @@ $code.=<<___;
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
-	mulq	%r8
+	mulq	%rbp
 	addq	%rax, %r14
 	movq	56($inp), %rax
 	adcq	\$0, %rdx
@@ -229,39 +228,39 @@ $code.=<<___;
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
-	mulq	%r8
+	mulq	%rbp
 	addq	%rax, %r15
-	movq	%r8, %rax
+	movq	%rbp, %rax
 	adcq	\$0, %rdx
 	addq	%rbx, %r15
-	movq	%rdx, %r8
-	movq	%r10, %rdx
-	adcq	\$0, %r8
+	adcq	\$0, %rdx
 
-	add	%rdx, %rdx
-	lea	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
-	movq	%r11, %rbx
-	adcq	%r11, %r11		#shld	\$1, %r10, %r11
+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
+	addq	%r9, %r9
+	 movq	%rdx, %r8
+	adcq	%r10, %r10
+	adcq	\$0, %rbx
 
 	mulq	%rax
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rcx, %rax
+	 movq	16($inp), %rbp
 	addq	%rax, %r9
+	 movq	24($inp), %rax
 	adcq	%rdx, %r10
-	adcq	\$0, %r11
+	adcq	\$0, %rbx
 
 	movq	%r9, 16(%rsp)
 	movq	%r10, 24(%rsp)
-	shrq	\$63, %rbx
 
 #third iteration
-	movq	16($inp), %r9
-	movq	24($inp), %rax
-	mulq	%r9
+	mulq	%rbp
 	addq	%rax, %r12
 	movq	32($inp), %rax
 	movq	%rdx, %rcx
 	adcq	\$0, %rcx
 
-	mulq	%r9
+	mulq	%rbp
 	addq	%rax, %r13
 	movq	40($inp), %rax
 	adcq	\$0, %rdx
@@ -269,7 +268,7 @@ $code.=<<___;
 	movq	%rdx, %rcx
 	adcq	\$0, %rcx
 
-	mulq	%r9
+	mulq	%rbp
 	addq	%rax, %r14
 	movq	48($inp), %rax
 	adcq	\$0, %rdx
@@ -277,9 +276,7 @@ $code.=<<___;
 	movq	%rdx, %rcx
 	adcq	\$0, %rcx
 
-	mulq	%r9
-	 movq	%r12, %r10
-	 lea	(%rbx,%r12,2), %r12	#shld	\$1, %rbx, %r12
+	mulq	%rbp
 	addq	%rax, %r15
 	movq	56($inp), %rax
 	adcq	\$0, %rdx
@@ -287,36 +284,40 @@ $code.=<<___;
 	movq	%rdx, %rcx
 	adcq	\$0, %rcx
 
-	mulq	%r9
-	 shrq	\$63, %r10
+	mulq	%rbp
 	addq	%rax, %r8
-	movq	%r9, %rax
+	movq	%rbp, %rax
 	adcq	\$0, %rdx
 	addq	%rcx, %r8
-	movq	%rdx, %r9
-	adcq	\$0, %r9
+	adcq	\$0, %rdx
 
-	movq	%r13, %rcx
-	leaq	(%r10,%r13,2), %r13	#shld	\$1, %r12, %r13
+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
+	addq	%r11, %r11
+	 movq	%rdx, %r9
+	adcq	%r12, %r12
+	adcq	\$0, %rcx
 
 	mulq	%rax
+	# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rbx, %rax
+	 movq	24($inp), %r10
 	addq	%rax, %r11
+	 movq	32($inp), %rax
 	adcq	%rdx, %r12
-	adcq	\$0, %r13
+	adcq	\$0, %rcx
 
 	movq	%r11, 32(%rsp)
 	movq	%r12, 40(%rsp)
-	shrq	\$63, %rcx
 
 #fourth iteration
-	movq	24($inp), %r10
-	movq	32($inp), %rax
+	mov	%rax, %r11		# 32($inp)
 	mulq	%r10
 	addq	%rax, %r14
 	movq	40($inp), %rax
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
+	mov	%rax, %r12		# 40($inp)
 	mulq	%r10
 	addq	%rax, %r15
 	movq	48($inp), %rax
@@ -325,9 +326,8 @@ $code.=<<___;
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
+	mov	%rax, %rbp		# 48($inp)
 	mulq	%r10
-	 movq	%r14, %r12
-	 leaq	(%rcx,%r14,2), %r14	#shld	\$1, %rcx, %r14
 	addq	%rax, %r8
 	movq	56($inp), %rax
 	adcq	\$0, %rdx
@@ -336,32 +336,33 @@ $code.=<<___;
 	adcq	\$0, %rbx
 
 	mulq	%r10
-	 shrq	\$63, %r12
 	addq	%rax, %r9
 	movq	%r10, %rax
 	adcq	\$0, %rdx
 	addq	%rbx, %r9
-	movq	%rdx, %r10
-	adcq	\$0, %r10
+	adcq	\$0, %rdx
 
-	movq	%r15, %rbx
-	leaq	(%r12,%r15,2),%r15	#shld	\$1, %r14, %r15
+	xorq	%rbx, %rbx		# rbx:r13:r14 = r13:r14 << 1
+	addq	%r13, %r13
+	 movq	%rdx, %r10
+	adcq	%r14, %r14
+	adcq	\$0, %rbx
 
 	mulq	%rax
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rcx, %rax
 	addq	%rax, %r13
+	 movq	%r12, %rax		# 40($inp)
 	adcq	%rdx, %r14
-	adcq	\$0, %r15
+	adcq	\$0, %rbx
 
 	movq	%r13, 48(%rsp)
 	movq	%r14, 56(%rsp)
-	shrq	\$63, %rbx
 
 #fifth iteration
-	movq	32($inp), %r11
-	movq	40($inp), %rax
 	mulq	%r11
 	addq	%rax, %r8
-	movq	48($inp), %rax
+	movq	%rbp, %rax		# 48($inp)
 	movq	%rdx, %rcx
 	adcq	\$0, %rcx
 
@@ -369,97 +370,99 @@ $code.=<<___;
 	addq	%rax, %r9
 	movq	56($inp), %rax
 	adcq	\$0, %rdx
-	 movq	%r8, %r12
-	 leaq	(%rbx,%r8,2), %r8	#shld	\$1, %rbx, %r8
 	addq	%rcx, %r9
 	movq	%rdx, %rcx
 	adcq	\$0, %rcx
 
+	mov	%rax, %r14		# 56($inp)
 	mulq	%r11
-	 shrq	\$63, %r12
 	addq	%rax, %r10
 	movq	%r11, %rax
 	adcq	\$0, %rdx
 	addq	%rcx, %r10
-	movq	%rdx, %r11
-	adcq	\$0, %r11
+	adcq	\$0, %rdx
 
-	movq	%r9, %rcx
-	leaq	(%r12,%r9,2), %r9	#shld	\$1, %r8, %r9
+	xorq	%rcx, %rcx		# rcx:r8:r15 = r8:r15 << 1
+	addq	%r15, %r15
+	 movq	%rdx, %r11
+	adcq	%r8, %r8
+	adcq	\$0, %rcx
 
 	mulq	%rax
+	# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rbx, %rax
 	addq	%rax, %r15
+	 movq	%rbp, %rax		# 48($inp)
 	adcq	%rdx, %r8
-	adcq	\$0, %r9
+	adcq	\$0, %rcx
 
 	movq	%r15, 64(%rsp)
 	movq	%r8, 72(%rsp)
-	shrq	\$63, %rcx
 
 #sixth iteration
-	movq	40($inp), %r12
-	movq	48($inp), %rax
 	mulq	%r12
 	addq	%rax, %r10
-	movq	56($inp), %rax
+	movq	%r14, %rax		# 56($inp)
 	movq	%rdx, %rbx
 	adcq	\$0, %rbx
 
 	mulq	%r12
 	addq	%rax, %r11
 	movq	%r12, %rax
-	 movq	%r10, %r15
-	 leaq	(%rcx,%r10,2), %r10	#shld	\$1, %rcx, %r10
 	adcq	\$0, %rdx
-	 shrq	\$63, %r15
 	addq	%rbx, %r11
-	movq	%rdx, %r12
-	adcq	\$0, %r12
+	adcq	\$0, %rdx
 
-	movq	%r11, %rbx
-	leaq	(%r15,%r11,2), %r11	#shld	\$1, %r10, %r11
+	xorq	%rbx, %rbx		# rbx:r10:r9 = r10:r9 << 1
+	addq	%r9, %r9
+	 movq	%rdx, %r12
+	adcq	%r10, %r10
+	adcq	\$0, %rbx
 
 	mulq	%rax
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rcx, %rax
 	addq	%rax, %r9
+	 movq	%r14, %rax		# 56($inp)
 	adcq	%rdx, %r10
-	adcq	\$0, %r11
+	adcq	\$0, %rbx
 
 	movq	%r9, 80(%rsp)
 	movq	%r10, 88(%rsp)
 
 #seventh iteration
-	movq	48($inp), %r13
-	movq	56($inp), %rax
-	mulq	%r13
+	mulq	%rbp
 	addq	%rax, %r12
-	movq	%r13, %rax
-	movq	%rdx, %r13
-	adcq	\$0, %r13
+	movq	%rbp, %rax
+	adcq	\$0, %rdx
 
-	xorq	%r14, %r14
-	shlq	\$1, %rbx
-	adcq	%r12, %r12		#shld	\$1, %rbx, %r12
-	adcq	%r13, %r13		#shld	\$1, %r12, %r13
-	adcq	%r14, %r14		#shld	\$1, %r13, %r14
+	xorq	%rcx, %rcx		# rcx:r12:r11 = r12:r11 << 1
+	addq	%r11, %r11
+	 movq	%rdx, %r13
+	adcq	%r12, %r12
+	adcq	\$0, %rcx
 
 	mulq	%rax
+	# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rbx, %rax
 	addq	%rax, %r11
+	 movq	%r14, %rax		# 56($inp)
 	adcq	%rdx, %r12
-	adcq	\$0, %r13
+	adcq	\$0, %rcx
 
 	movq	%r11, 96(%rsp)
 	movq	%r12, 104(%rsp)
 
 #eighth iteration
-	movq	56($inp), %rax
-	mulq	%rax
-	addq	%rax, %r13
-	adcq	\$0, %rdx
-
-	addq	%rdx, %r14
+	xorq	%rbx, %rbx		# rbx:r13 = r13 << 1
+	addq	%r13, %r13
+	adcq	\$0, %rbx
 
-	movq	%r13, 112(%rsp)
-	movq	%r14, 120(%rsp)
+	mulq	%rax
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	addq	%rcx, %rax
+	addq	%r13, %rax
+	adcq	%rbx, %rdx
 
 	movq	(%rsp), %r8
 	movq	8(%rsp), %r9
@@ -469,6 +472,10 @@ $code.=<<___;
 	movq	40(%rsp), %r13
 	movq	48(%rsp), %r14
 	movq	56(%rsp), %r15
+	movq	%xmm1, %rbp
+
+	movq	%rax, 112(%rsp)
+	movq	%rdx, 120(%rsp)
 
 	call	__rsaz_512_reduce
 
@@ -500,9 +507,9 @@ $code.=<<___;
 .Loop_sqrx:
 	movl	$times,128+8(%rsp)
 	movq	$out, %xmm0		# off-load
-	movq	%rbp, %xmm1		# off-load
 #first iteration
 	mulx	%rax, %r8, %r9
+	mov	%rax, %rbx
 
 	mulx	16($inp), %rcx, %r10
 	xor	%rbp, %rbp		# cf=0, of=0
@@ -510,40 +517,39 @@ $code.=<<___;
 	mulx	24($inp), %rax, %r11
 	adcx	%rcx, %r9
 
-	mulx	32($inp), %rcx, %r12
+	.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00	# mulx	32($inp), %rcx, %r12
 	adcx	%rax, %r10
 
-	mulx	40($inp), %rax, %r13
+	.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00	# mulx	40($inp), %rax, %r13
 	adcx	%rcx, %r11
 
-	.byte	0xc4,0x62,0xf3,0xf6,0xb6,0x30,0x00,0x00,0x00	# mulx	48($inp), %rcx, %r14
+	mulx	48($inp), %rcx, %r14
 	adcx	%rax, %r12
 	adcx	%rcx, %r13
 
-	.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00	# mulx	56($inp), %rax, %r15
+	mulx	56($inp), %rax, %r15
 	adcx	%rax, %r14
 	adcx	%rbp, %r15		# %rbp is 0
 
-	mov	%r9, %rcx
-	shld	\$1, %r8, %r9
-	shl	\$1, %r8
-
-	xor	%ebp, %ebp
-	mulx	%rdx, %rax, %rdx
-	adcx	%rdx, %r8
-	 mov	8($inp), %rdx
-	adcx	%rbp, %r9
+	mulx	%rdx, %rax, $out
+	 mov	%rbx, %rdx		# 8($inp)
+	xor	%rcx, %rcx
+	adox	%r8, %r8
+	adcx	$out, %r8
+	adox	%rbp, %rcx
+	adcx	%rbp, %rcx
 
 	mov	%rax, (%rsp)
 	mov	%r8, 8(%rsp)
 
 #second iteration
-	mulx	16($inp), %rax, %rbx
+	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00	# mulx	16($inp), %rax, %rbx
 	adox	%rax, %r10
 	adcx	%rbx, %r11
 
-	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r8
+	mulx	24($inp), $out, %r8
 	adox	$out, %r11
+	.byte	0x66
 	adcx	%r8, %r12
 
 	mulx	32($inp), %rax, %rbx
@@ -561,24 +567,25 @@ $code.=<<___;
 	.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r8
 	adox	$out, %r15
 	adcx	%rbp, %r8
+	 mulx	%rdx, %rax, $out
 	adox	%rbp, %r8
+	 .byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00		# mov	16($inp), %rdx
 
-	mov	%r11, %rbx
-	shld	\$1, %r10, %r11
-	shld	\$1, %rcx, %r10
-
-	xor	%ebp,%ebp
-	mulx	%rdx, %rax, %rcx
-	 mov	16($inp), %rdx
+	xor	%rbx, %rbx
+	 adox	%r9, %r9
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rcx, %rax
+	adox	%r10, %r10
 	adcx	%rax, %r9
-	adcx	%rcx, %r10
-	adcx	%rbp, %r11
+	adox	%rbp, %rbx
+	adcx	$out, %r10
+	adcx	%rbp, %rbx
 
 	mov	%r9, 16(%rsp)
 	.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00		# mov	%r10, 24(%rsp)
 
 #third iteration
-	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x18,0x00,0x00,0x00	# mulx	24($inp), $out, %r9
+	mulx	24($inp), $out, %r9
 	adox	$out, %r12
 	adcx	%r9, %r13
 
@@ -586,7 +593,7 @@ $code.=<<___;
 	adox	%rax, %r13
 	adcx	%rcx, %r14
 
-	mulx	40($inp), $out, %r9
+	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r9
 	adox	$out, %r14
 	adcx	%r9, %r15
 
@@ -594,27 +601,28 @@ $code.=<<___;
 	adox	%rax, %r15
 	adcx	%rcx, %r8
 
-	.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r9
+	mulx	56($inp), $out, %r9
 	adox	$out, %r8
 	adcx	%rbp, %r9
+	 mulx	%rdx, %rax, $out
 	adox	%rbp, %r9
+	 mov	24($inp), %rdx
 
-	mov	%r13, %rcx
-	shld	\$1, %r12, %r13
-	shld	\$1, %rbx, %r12
-
-	xor	%ebp, %ebp
-	mulx	%rdx, %rax, %rdx
+	xor	%rcx, %rcx
+	 adox	%r11, %r11
+	# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rbx, %rax
+	adox	%r12, %r12
 	adcx	%rax, %r11
-	adcx	%rdx, %r12
-	 mov	24($inp), %rdx
-	adcx	%rbp, %r13
+	adox	%rbp, %rcx
+	adcx	$out, %r12
+	adcx	%rbp, %rcx
 
 	mov	%r11, 32(%rsp)
-	.byte	0x4c,0x89,0xa4,0x24,0x28,0x00,0x00,0x00		# mov	%r12, 40(%rsp)
+	mov	%r12, 40(%rsp)
 
 #fourth iteration
-	.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x20,0x00,0x00,0x00	# mulx	32($inp), %rax, %rbx
+	mulx	32($inp), %rax, %rbx
 	adox	%rax, %r14
 	adcx	%rbx, %r15
 
@@ -629,25 +637,25 @@ $code.=<<___;
 	mulx	56($inp), $out, %r10
 	adox	$out, %r9
 	adcx	%rbp, %r10
+	 mulx	%rdx, %rax, $out
 	adox	%rbp, %r10
+	 mov	32($inp), %rdx
 
-	.byte	0x66
-	mov	%r15, %rbx
-	shld	\$1, %r14, %r15
-	shld	\$1, %rcx, %r14
-
-	xor	%ebp, %ebp
-	mulx	%rdx, %rax, %rdx
+	xor	%rbx, %rbx
+	 adox	%r13, %r13
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rcx, %rax
+	adox	%r14, %r14
 	adcx	%rax, %r13
-	adcx	%rdx, %r14
-	 mov	32($inp), %rdx
-	adcx	%rbp, %r15
+	adox	%rbp, %rbx
+	adcx	$out, %r14
+	adcx	%rbp, %rbx
 
 	mov	%r13, 48(%rsp)
 	mov	%r14, 56(%rsp)
 
 #fifth iteration
-	.byte	0xc4,0x62,0xc3,0xf6,0x9e,0x28,0x00,0x00,0x00	# mulx	40($inp), $out, %r11
+	mulx	40($inp), $out, %r11
 	adox	$out, %r8
 	adcx	%r11, %r9
 
@@ -658,18 +666,19 @@ $code.=<<___;
 	mulx	56($inp), $out, %r11
 	adox	$out, %r10
 	adcx	%rbp, %r11
+	 mulx	%rdx, %rax, $out
+	 mov	40($inp), %rdx
 	adox	%rbp, %r11
 
-	mov	%r9, %rcx
-	shld	\$1, %r8, %r9
-	shld	\$1, %rbx, %r8
-
-	xor	%ebp, %ebp
-	mulx	%rdx, %rax, %rdx
+	xor	%rcx, %rcx
+	 adox	%r15, %r15
+	# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rbx, %rax
+	adox	%r8, %r8
 	adcx	%rax, %r15
-	adcx	%rdx, %r8
-	 mov	40($inp), %rdx
-	adcx	%rbp, %r9
+	adox	%rbp, %rcx
+	adcx	$out, %r8
+	adcx	%rbp, %rcx
 
 	mov	%r15, 64(%rsp)
 	mov	%r8, 72(%rsp)
@@ -682,18 +691,19 @@ $code.=<<___;
 	.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00	# mulx	56($inp), $out, %r12
 	adox	$out, %r11
 	adcx	%rbp, %r12
+	 mulx	%rdx, %rax, $out
 	adox	%rbp, %r12
+	 mov	48($inp), %rdx
 
-	mov	%r11, %rbx
-	shld	\$1, %r10, %r11
-	shld	\$1, %rcx, %r10
-
-	xor	%ebp, %ebp
-	mulx	%rdx, %rax, %rdx
+	xor	%rbx, %rbx
+	 adox	%r9, %r9
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rcx, %rax
+	adox	%r10, %r10
 	adcx	%rax, %r9
-	adcx	%rdx, %r10
-	 mov	48($inp), %rdx
-	adcx	%rbp, %r11
+	adcx	$out, %r10
+	adox	%rbp, %rbx
+	adcx	%rbp, %rbx
 
 	mov	%r9, 80(%rsp)
 	mov	%r10, 88(%rsp)
@@ -703,31 +713,31 @@ $code.=<<___;
 	adox	%rax, %r12
 	adox	%rbp, %r13
 
-	xor	%r14, %r14
-	shld	\$1, %r13, %r14
-	shld	\$1, %r12, %r13
-	shld	\$1, %rbx, %r12
-
-	xor	%ebp, %ebp
-	mulx	%rdx, %rax, %rdx
-	adcx	%rax, %r11
-	adcx	%rdx, %r12
+	mulx	%rdx, %rax, $out
+	xor	%rcx, %rcx
 	 mov	56($inp), %rdx
-	adcx	%rbp, %r13
+	 adox	%r11, %r11
+	# rbx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rbx, %rax
+	adox	%r12, %r12
+	adcx	%rax, %r11
+	adox	%rbp, %rcx
+	adcx	$out, %r12
+	adcx	%rbp, %rcx
 
 	.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00		# mov	%r11, 96(%rsp)
 	.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00		# mov	%r12, 104(%rsp)
 
 #eighth iteration
 	mulx	%rdx, %rax, %rdx
-	adox	%rax, %r13
-	adox	%rbp, %rdx
+	xor	%rbx, %rbx
+	 adox	%r13, %r13
+	# rcx <= 2 and rax <= 0xFFFF..F9, so carry must be zero here
+	adcx	%rcx, %rax
+	adox	%rbp, %rbx
+	adcx	%r13, %rax
+	adcx	%rdx, %rbx
 
-	.byte	0x66
-	add	%rdx, %r14
-
-	movq	%r13, 112(%rsp)
-	movq	%r14, 120(%rsp)
 	movq	%xmm0, $out
 	movq	%xmm1, %rbp
 
@@ -741,6 +751,9 @@ $code.=<<___;
 	movq	48(%rsp), %r14
 	movq	56(%rsp), %r15
 
+	movq	%rax, 112(%rsp)
+	movq	%rbx, 120(%rsp)
+
 	call	__rsaz_512_reducex
 
 	addq	64(%rsp), %r8
@@ -1606,6 +1619,7 @@ $code.=<<___;
 .type	__rsaz_512_reduce,\@abi-omnipotent
 .align	32
 __rsaz_512_reduce:
+.cfi_startproc
 	movq	%r8, %rbx
 	imulq	128+8(%rsp), %rbx
 	movq	0(%rbp), %rax
@@ -1685,6 +1699,7 @@ __rsaz_512_reduce:
 	jne	.Lreduction_loop
 
 	ret
+.cfi_endproc
 .size	__rsaz_512_reduce,.-__rsaz_512_reduce
 ___
 }
@@ -1698,6 +1713,7 @@ $code.=<<___;
 .type	__rsaz_512_reducex,\@abi-omnipotent
 .align	32
 __rsaz_512_reducex:
+.cfi_startproc
 	#movq	128+8(%rsp), %rdx		# pull $n0
 	imulq	%r8, %rdx
 	xorq	%rsi, %rsi			# cf=0,of=0
@@ -1750,6 +1766,7 @@ __rsaz_512_reducex:
 	jne	.Lreduction_loopx
 
 	ret
+.cfi_endproc
 .size	__rsaz_512_reducex,.-__rsaz_512_reducex
 ___
 }
@@ -1761,6 +1778,7 @@ $code.=<<___;
 .type	__rsaz_512_subtract,\@abi-omnipotent
 .align	32
 __rsaz_512_subtract:
+.cfi_startproc
 	movq	%r8, ($out)
 	movq	%r9, 8($out)
 	movq	%r10, 16($out)
@@ -1814,6 +1832,7 @@ __rsaz_512_subtract:
 	movq	%r15, 56($out)
 
 	ret
+.cfi_endproc
 .size	__rsaz_512_subtract,.-__rsaz_512_subtract
 ___
 }
@@ -1827,6 +1846,7 @@ $code.=<<___;
 .type	__rsaz_512_mul,\@abi-omnipotent
 .align	32
 __rsaz_512_mul:
+.cfi_startproc
 	leaq	8(%rsp), %rdi
 
 	movq	($ap), %rax
@@ -1965,6 +1985,7 @@ __rsaz_512_mul:
 	movq	%r15, 56(%rdi)
 
 	ret
+.cfi_endproc
 .size	__rsaz_512_mul,.-__rsaz_512_mul
 ___
 }
@@ -1979,6 +2000,7 @@ $code.=<<___;
 .type	__rsaz_512_mulx,\@abi-omnipotent
 .align	32
 __rsaz_512_mulx:
+.cfi_startproc
 	mulx	($ap), %rbx, %r8	# initial %rdx preloaded by caller
 	mov	\$-6, %rcx
 
@@ -2095,6 +2117,7 @@ __rsaz_512_mulx:
 	mov	%r15, 8+64+56(%rsp)
 
 	ret
+.cfi_endproc
 .size	__rsaz_512_mulx,.-__rsaz_512_mulx
 ___
 }
@@ -2105,6 +2128,7 @@ $code.=<<___;
 .type	rsaz_512_scatter4,\@abi-omnipotent
 .align	16
 rsaz_512_scatter4:
+.cfi_startproc
 	leaq	($out,$power,8), $out
 	movl	\$8, %r9d
 	jmp	.Loop_scatter
@@ -2117,12 +2141,14 @@ rsaz_512_scatter4:
 	decl	%r9d
 	jnz	.Loop_scatter
 	ret
+.cfi_endproc
 .size	rsaz_512_scatter4,.-rsaz_512_scatter4
 
 .globl	rsaz_512_gather4
 .type	rsaz_512_gather4,\@abi-omnipotent
 .align	16
 rsaz_512_gather4:
+.cfi_startproc
 ___
 $code.=<<___	if ($win64);
 .LSEH_begin_rsaz_512_gather4:
@@ -2217,6 +2243,7 @@ ___
 $code.=<<___;
 	ret
 .LSEH_end_rsaz_512_gather4:
+.cfi_endproc
 .size	rsaz_512_gather4,.-rsaz_512_gather4
 
 .align	64
@@ -2401,4 +2428,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl b/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl
index 06181bf9b95f7..a7e4b8a97d307 100755
--- a/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl
+++ b/crypto/openssl/crypto/bn/asm/s390x-gf2m.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -225,4 +225,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/s390x-mont.pl b/crypto/openssl/crypto/bn/asm/s390x-mont.pl
index c2fc5adffe0d1..bc8c8951e0608 100755
--- a/crypto/openssl/crypto/bn/asm/s390x-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/s390x-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -145,7 +145,7 @@ $code.=<<___;
 	lghi	$NHI,0
 	alcgr	$NHI,$nhi
 
-	la	$j,8(%r0)	# j=1
+	la	$j,8		# j=1
 	lr	$count,$num
 
 .align	16
@@ -197,7 +197,7 @@ $code.=<<___;
 	lghi	$NHI,0
 	alcgr	$NHI,$nhi
 
-	la	$j,8(%r0)	# j=1
+	la	$j,8		# j=1
 	lr	$count,$num
 
 .align	16
@@ -241,7 +241,7 @@ $code.=<<___;
 	la	$ap,$stdframe($sp)
 	ahi	$num,1		# restore $num, incidentally clears "borrow"
 
-	la	$j,0(%r0)
+	la	$j,0
 	lr	$count,$num
 .Lsub:	lg	$alo,0($j,$ap)
 	lg	$nlo,0($j,$np)
@@ -255,7 +255,7 @@ $code.=<<___;
 	lghi	$NHI,-1
 	xgr	$NHI,$AHI
 
-	la	$j,0(%r0)
+	la	$j,0
 	lgr	$count,$num
 .Lcopy:	lg	$ahi,$stdframe($j,$sp)	# conditional copy
 	lg	$alo,0($j,$rp)
@@ -281,4 +281,4 @@ foreach (split("\n",$code)) {
 	s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/s390x.S b/crypto/openssl/crypto/bn/asm/s390x.S
index 292a7a9998bd4..b666c41a88a40 100644
--- a/crypto/openssl/crypto/bn/asm/s390x.S
+++ b/crypto/openssl/crypto/bn/asm/s390x.S
@@ -511,7 +511,7 @@ bn_mul_comba4:
 	lghi	zero,0
 
 	mul_add_c(0,0,c1,c2,c3);
-	stg	c1,0*8(%r3)
+	stg	c1,0*8(%r2)
 	lghi	c1,0
 
 	mul_add_c(0,1,c2,c3,c1);
diff --git a/crypto/openssl/crypto/bn/asm/sparct4-mont.pl b/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
index fcae9cfc5b44b..62e297a01692d 100755
--- a/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/sparct4-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1225,4 +1225,4 @@ ___
 
 &emit_assembler();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/openssl/crypto/bn/asm/sparcv9-gf2m.pl
index dcf11a87a18e2..238a93dca56c6 100755
--- a/crypto/openssl/crypto/bn/asm/sparcv9-gf2m.pl
+++ b/crypto/openssl/crypto/bn/asm/sparcv9-gf2m.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -197,4 +197,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl b/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
index b41903af985f5..d1a3c2bc43434 100755
--- a/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -617,4 +617,4 @@ $code.=<<___;
 ___
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/sparcv9a-mont.pl b/crypto/openssl/crypto/bn/asm/sparcv9a-mont.pl
index c8f759df9fbd1..7a1fca1263a96 100755
--- a/crypto/openssl/crypto/bn/asm/sparcv9a-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/sparcv9a-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -884,4 +884,4 @@ $code =~ s/fzeros\s+%f([0-9]+)/
 
 print $code;
 # flush
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/via-mont.pl b/crypto/openssl/crypto/bn/asm/via-mont.pl
index 9cf717e841024..9dbc8d4587923 100755
--- a/crypto/openssl/crypto/bn/asm/via-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/via-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -248,4 +248,4 @@ $sp=&DWP(28,"esp");
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/vis3-mont.pl b/crypto/openssl/crypto/bn/asm/vis3-mont.pl
index 04833a0c876df..d797af8745dc1 100755
--- a/crypto/openssl/crypto/bn/asm/vis3-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/vis3-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -381,4 +381,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/x86-gf2m.pl b/crypto/openssl/crypto/bn/asm/x86-gf2m.pl
index d03efcc75023d..436d90b11ea4d 100755
--- a/crypto/openssl/crypto/bn/asm/x86-gf2m.pl
+++ b/crypto/openssl/crypto/bn/asm/x86-gf2m.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -322,4 +322,4 @@ if ($sse2) {
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/x86-mont.pl b/crypto/openssl/crypto/bn/asm/x86-mont.pl
index 7ba2133ac9c3a..2103f806b65ac 100755
--- a/crypto/openssl/crypto/bn/asm/x86-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/x86-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -628,4 +628,4 @@ $sbit=$num;
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
index 31839ba060fa5..e6fdaadf0e912 100644
--- a/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "../bn_lcl.h"
+#include "../bn_local.h"
 #if !(defined(__GNUC__) && __GNUC__>=2)
 # include "../bn_asm.c"         /* kind of dirty hack for Sun Studio */
 #else
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl b/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
index 0fd6e985d7b05..655f13c89ee8a 100755
--- a/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-gf2m.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -421,4 +421,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
index c051135e30dd3..e00cac448b894 100755
--- a/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-mont.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -75,7 +75,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
 
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
@@ -1589,4 +1589,4 @@ ___
 }
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
index f43e13d11643a..887770b30db13 100755
--- a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
+++ b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -60,7 +60,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
 
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
@@ -580,6 +580,7 @@ $code.=<<___;
 .type	mul4x_internal,\@abi-omnipotent
 .align	32
 mul4x_internal:
+.cfi_startproc
 	shl	\$5,$num		# $num was in bytes
 	movd	`($win64?56:8)`(%rax),%xmm5	# load 7th argument, index
 	lea	.Linc(%rip),%rax
@@ -1074,6 +1075,7 @@ $code.=<<___
 ___
 }
 $code.=<<___;
+.cfi_endproc
 .size	mul4x_internal,.-mul4x_internal
 ___
 }}}
@@ -1239,6 +1241,7 @@ $code.=<<___;
 .align	32
 bn_sqr8x_internal:
 __bn_sqr8x_internal:
+.cfi_startproc
 	##############################################################
 	# Squaring part:
 	#
@@ -2030,6 +2033,7 @@ __bn_sqr8x_reduction:
 	cmp	%rdx,$tptr		# end of t[]?
 	jb	.L8x_reduction_loop
 	ret
+.cfi_endproc
 .size	bn_sqr8x_internal,.-bn_sqr8x_internal
 ___
 }
@@ -2042,6 +2046,7 @@ $code.=<<___;
 .type	__bn_post4x_internal,\@abi-omnipotent
 .align	32
 __bn_post4x_internal:
+.cfi_startproc
 	mov	8*0($nptr),%r12
 	lea	(%rdi,$num),$tptr	# %rdi was $tptr above
 	mov	$num,%rcx
@@ -2092,6 +2097,7 @@ __bn_post4x_internal:
 	mov	$num,%r10		# prepare for back-to-back call
 	neg	$num			# restore $num
 	ret
+.cfi_endproc
 .size	__bn_post4x_internal,.-__bn_post4x_internal
 ___
 }
@@ -2101,10 +2107,12 @@ $code.=<<___;
 .type	bn_from_montgomery,\@abi-omnipotent
 .align	32
 bn_from_montgomery:
+.cfi_startproc
 	testl	\$7,`($win64?"48(%rsp)":"%r9d")`
 	jz	bn_from_mont8x
 	xor	%eax,%eax
 	ret
+.cfi_endproc
 .size	bn_from_montgomery,.-bn_from_montgomery
 
 .type	bn_from_mont8x,\@function,6
@@ -2400,6 +2408,7 @@ bn_mulx4x_mont_gather5:
 .type	mulx4x_internal,\@abi-omnipotent
 .align	32
 mulx4x_internal:
+.cfi_startproc
 	mov	$num,8(%rsp)		# save -$num (it was in bytes)
 	mov	$num,%r10
 	neg	$num			# restore $num
@@ -2750,6 +2759,7 @@ $code.=<<___;
 	mov	8*2(%rbp),%r14
 	mov	8*3(%rbp),%r15
 	jmp	.Lsqrx4x_sub_entry	# common post-condition
+.cfi_endproc
 .size	mulx4x_internal,.-mulx4x_internal
 ___
 }{
@@ -3555,6 +3565,7 @@ my ($rptr,$nptr)=("%rdx","%rbp");
 $code.=<<___;
 .align	32
 __bn_postx4x_internal:
+.cfi_startproc
 	mov	8*0($nptr),%r12
 	mov	%rcx,%r10		# -$num
 	mov	%rcx,%r9		# -$num
@@ -3602,6 +3613,7 @@ __bn_postx4x_internal:
 	neg	%r9			# restore $num
 
 	ret
+.cfi_endproc
 .size	__bn_postx4x_internal,.-__bn_postx4x_internal
 ___
 }
@@ -3618,6 +3630,7 @@ $code.=<<___;
 .type	bn_get_bits5,\@abi-omnipotent
 .align	16
 bn_get_bits5:
+.cfi_startproc
 	lea	0($inp),%r10
 	lea	1($inp),%r11
 	mov	$num,%ecx
@@ -3631,12 +3644,14 @@ bn_get_bits5:
 	shrl	%cl,%eax
 	and	\$31,%eax
 	ret
+.cfi_endproc
 .size	bn_get_bits5,.-bn_get_bits5
 
 .globl	bn_scatter5
 .type	bn_scatter5,\@abi-omnipotent
 .align	16
 bn_scatter5:
+.cfi_startproc
 	cmp	\$0, $num
 	jz	.Lscatter_epilogue
 	lea	($tbl,$idx,8),$tbl
@@ -3649,6 +3664,7 @@ bn_scatter5:
 	jnz	.Lscatter
 .Lscatter_epilogue:
 	ret
+.cfi_endproc
 .size	bn_scatter5,.-bn_scatter5
 
 .globl	bn_gather5
@@ -3656,6 +3672,7 @@ bn_scatter5:
 .align	32
 bn_gather5:
 .LSEH_begin_bn_gather5:			# Win64 thing, but harmless in other cases
+.cfi_startproc
 	# I can't trust assembler to use specific encoding:-(
 	.byte	0x4c,0x8d,0x14,0x24			#lea    (%rsp),%r10
 	.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00	#sub	$0x108,%rsp
@@ -3740,6 +3757,7 @@ $code.=<<___;
 	lea	(%r10),%rsp
 	ret
 .LSEH_end_bn_gather5:
+.cfi_endproc
 .size	bn_gather5,.-bn_gather5
 ___
 }
@@ -3942,4 +3960,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/bn/bn_add.c b/crypto/openssl/crypto/bn/bn_add.c
index f2736b8f6d419..8ffe49618a8be 100644
--- a/crypto/openssl/crypto/bn/bn_add.c
+++ b/crypto/openssl/crypto/bn/bn_add.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /* signed add of b to a. */
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
diff --git a/crypto/openssl/crypto/bn/bn_asm.c b/crypto/openssl/crypto/bn/bn_asm.c
index 729b2480acd18..4d83a8cf1115d 100644
--- a/crypto/openssl/crypto/bn/bn_asm.c
+++ b/crypto/openssl/crypto/bn/bn_asm.c
@@ -10,7 +10,7 @@
 #include <assert.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 #if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
 
diff --git a/crypto/openssl/crypto/bn/bn_blind.c b/crypto/openssl/crypto/bn/bn_blind.c
index 450cdfb34866e..76fc7ebcffc0b 100644
--- a/crypto/openssl/crypto/bn/bn_blind.c
+++ b/crypto/openssl/crypto/bn/bn_blind.c
@@ -9,7 +9,7 @@
 
 #include <openssl/opensslconf.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 #define BN_BLINDING_COUNTER     32
 
diff --git a/crypto/openssl/crypto/bn/bn_ctx.c b/crypto/openssl/crypto/bn/bn_ctx.c
index 90cecea2aa5d2..042cb247d37f7 100644
--- a/crypto/openssl/crypto/bn/bn_ctx.c
+++ b/crypto/openssl/crypto/bn/bn_ctx.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /*-
  * TODO list
diff --git a/crypto/openssl/crypto/bn/bn_depr.c b/crypto/openssl/crypto/bn/bn_depr.c
index 58bcf197a490e..b60269cd57a65 100644
--- a/crypto/openssl/crypto/bn/bn_depr.c
+++ b/crypto/openssl/crypto/bn/bn_depr.c
@@ -20,7 +20,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <stdio.h>
 # include <time.h>
 # include "internal/cryptlib.h"
-# include "bn_lcl.h"
+# include "bn_local.h"
 
 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
                           const BIGNUM *add, const BIGNUM *rem,
diff --git a/crypto/openssl/crypto/bn/bn_dh.c b/crypto/openssl/crypto/bn/bn_dh.c
index 38acdee234d08..58c44f0b179e3 100644
--- a/crypto/openssl/crypto/bn/bn_dh.c
+++ b/crypto/openssl/crypto/bn/bn_dh.c
@@ -7,12 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "bn_lcl.h"
+#include "bn_local.h"
 #include "internal/nelem.h"
 
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 /* DH parameters from RFC5114 */
 
 # if BN_BITS2 == 64
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
index 7fc0132830a12..286d69c895fd1 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -10,7 +10,7 @@
 #include <assert.h>
 #include <openssl/bn.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /* The old slow way */
 #if 0
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
index 88f2baf0e553c..9531acfc3c948 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -8,8 +8,8 @@
  */
 
 #include "internal/cryptlib.h"
-#include "internal/constant_time_locl.h"
-#include "bn_lcl.h"
+#include "internal/constant_time.h"
+#include "bn_local.h"
 
 #include <stdlib.h>
 #ifdef _WIN32
diff --git a/crypto/openssl/crypto/bn/bn_exp2.c b/crypto/openssl/crypto/bn/bn_exp2.c
index 082c9286a0f4b..e542abe46fa10 100644
--- a/crypto/openssl/crypto/bn/bn_exp2.c
+++ b/crypto/openssl/crypto/bn/bn_exp2.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 #define TABLE_SIZE      32
 
diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c
index 0091ea4e08a67..ef81acb77ba6b 100644
--- a/crypto/openssl/crypto/bn/bn_gcd.c
+++ b/crypto/openssl/crypto/bn/bn_gcd.c
@@ -8,113 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-
-int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
-{
-    BIGNUM *a, *b, *t;
-    int ret = 0;
-
-    bn_check_top(in_a);
-    bn_check_top(in_b);
-
-    BN_CTX_start(ctx);
-    a = BN_CTX_get(ctx);
-    b = BN_CTX_get(ctx);
-    if (b == NULL)
-        goto err;
-
-    if (BN_copy(a, in_a) == NULL)
-        goto err;
-    if (BN_copy(b, in_b) == NULL)
-        goto err;
-    a->neg = 0;
-    b->neg = 0;
-
-    if (BN_cmp(a, b) < 0) {
-        t = a;
-        a = b;
-        b = t;
-    }
-    t = euclid(a, b);
-    if (t == NULL)
-        goto err;
-
-    if (BN_copy(r, t) == NULL)
-        goto err;
-    ret = 1;
- err:
-    BN_CTX_end(ctx);
-    bn_check_top(r);
-    return ret;
-}
-
-static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
-{
-    BIGNUM *t;
-    int shifts = 0;
-
-    bn_check_top(a);
-    bn_check_top(b);
-
-    /* 0 <= b <= a */
-    while (!BN_is_zero(b)) {
-        /* 0 < b <= a */
-
-        if (BN_is_odd(a)) {
-            if (BN_is_odd(b)) {
-                if (!BN_sub(a, a, b))
-                    goto err;
-                if (!BN_rshift1(a, a))
-                    goto err;
-                if (BN_cmp(a, b) < 0) {
-                    t = a;
-                    a = b;
-                    b = t;
-                }
-            } else {            /* a odd - b even */
-
-                if (!BN_rshift1(b, b))
-                    goto err;
-                if (BN_cmp(a, b) < 0) {
-                    t = a;
-                    a = b;
-                    b = t;
-                }
-            }
-        } else {                /* a is even */
-
-            if (BN_is_odd(b)) {
-                if (!BN_rshift1(a, a))
-                    goto err;
-                if (BN_cmp(a, b) < 0) {
-                    t = a;
-                    a = b;
-                    b = t;
-                }
-            } else {            /* a even - b even */
-
-                if (!BN_rshift1(a, a))
-                    goto err;
-                if (!BN_rshift1(b, b))
-                    goto err;
-                shifts++;
-            }
-        }
-        /* 0 <= b <= a */
-    }
-
-    if (shifts) {
-        if (!BN_lshift(a, a, shifts))
-            goto err;
-    }
-    bn_check_top(a);
-    return a;
- err:
-    return NULL;
-}
+#include "bn_local.h"
 
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
@@ -621,3 +515,115 @@ static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
     bn_check_top(ret);
     return ret;
 }
+
+/*-
+ * This function is based on the constant-time GCD work by Bernstein and Yang:
+ * https://eprint.iacr.org/2019/266
+ * Generalized fast GCD function to allow even inputs.
+ * The algorithm first finds the shared powers of 2 between
+ * the inputs, and removes them, reducing at least one of the
+ * inputs to an odd value. Then it proceeds to calculate the GCD.
+ * Before returning the resulting GCD, we take care of adding
+ * back the powers of two removed at the beginning.
+ * Note 1: we assume the bit length of both inputs is public information,
+ * since access to top potentially leaks this information.
+ */
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+    BIGNUM *g, *temp = NULL;
+    BN_ULONG mask = 0;
+    int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0;
+
+    /* Note 2: zero input corner cases are not constant-time since they are
+     * handled immediately. An attacker can run an attack under this
+     * assumption without the need of side-channel information. */
+    if (BN_is_zero(in_b)) {
+        ret = BN_copy(r, in_a) != NULL;
+        r->neg = 0;
+        return ret;
+    }
+    if (BN_is_zero(in_a)) {
+        ret = BN_copy(r, in_b) != NULL;
+        r->neg = 0;
+        return ret;
+    }
+
+    bn_check_top(in_a);
+    bn_check_top(in_b);
+
+    BN_CTX_start(ctx);
+    temp = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+
+    /* make r != 0, g != 0 even, so BN_rshift is not a potential nop */
+    if (g == NULL
+        || !BN_lshift1(g, in_b)
+        || !BN_lshift1(r, in_a))
+        goto err;
+
+    /* find shared powers of two, i.e. "shifts" >= 1 */
+    for (i = 0; i < r->dmax && i < g->dmax; i++) {
+        mask = ~(r->d[i] | g->d[i]);
+        for (j = 0; j < BN_BITS2; j++) {
+            bit &= mask;
+            shifts += bit;
+            mask >>= 1;
+        }
+    }
+
+    /* subtract shared powers of two; shifts >= 1 */
+    if (!BN_rshift(r, r, shifts)
+        || !BN_rshift(g, g, shifts))
+        goto err;
+
+    /* expand to biggest nword, with room for a possible extra word */
+    top = 1 + ((r->top >= g->top) ? r->top : g->top);
+    if (bn_wexpand(r, top) == NULL
+        || bn_wexpand(g, top) == NULL
+        || bn_wexpand(temp, top) == NULL)
+        goto err;
+
+    /* re arrange inputs s.t. r is odd */
+    BN_consttime_swap((~r->d[0]) & 1, r, g, top);
+
+    /* compute the number of iterations */
+    rlen = BN_num_bits(r);
+    glen = BN_num_bits(g);
+    m = 4 + 3 * ((rlen >= glen) ? rlen : glen);
+
+    for (i = 0; i < m; i++) {
+        /* conditionally flip signs if delta is positive and g is odd */
+        cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
+            /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
+            & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
+        delta = (-cond & -delta) | ((cond - 1) & delta);
+        r->neg ^= cond;
+        /* swap */
+        BN_consttime_swap(cond, r, g, top);
+
+        /* elimination step */
+        delta++;
+        if (!BN_add(temp, g, r))
+            goto err;
+        BN_consttime_swap(g->d[0] & 1 /* g is odd */
+                /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
+                & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
+                g, temp, top);
+        if (!BN_rshift1(g, g))
+            goto err;
+    }
+
+    /* remove possible negative sign */
+    r->neg = 0;
+    /* add powers of 2 removed, then correct the artificial shift */
+    if (!BN_lshift(r, r, shifts)
+        || !BN_rshift1(r, r))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
diff --git a/crypto/openssl/crypto/bn/bn_gf2m.c b/crypto/openssl/crypto/bn/bn_gf2m.c
index 34d8b69c1ec9d..a2ea867551822 100644
--- a/crypto/openssl/crypto/bn/bn_gf2m.c
+++ b/crypto/openssl/crypto/bn/bn_gf2m.c
@@ -12,7 +12,7 @@
 #include <limits.h>
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 #ifndef OPENSSL_NO_EC2M
 
diff --git a/crypto/openssl/crypto/bn/bn_intern.c b/crypto/openssl/crypto/bn/bn_intern.c
index 46bc97575dfe4..147b4fa022cfe 100644
--- a/crypto/openssl/crypto/bn/bn_intern.c
+++ b/crypto/openssl/crypto/bn/bn_intern.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /*
  * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
diff --git a/crypto/openssl/crypto/bn/bn_kron.c b/crypto/openssl/crypto/bn/bn_kron.c
index b9bc6cca27fe8..c1e09d272120a 100644
--- a/crypto/openssl/crypto/bn/bn_kron.c
+++ b/crypto/openssl/crypto/bn/bn_kron.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /* least significant word */
 #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
diff --git a/crypto/openssl/crypto/bn/bn_lib.c b/crypto/openssl/crypto/bn/bn_lib.c
index 254069ff38198..86d4956c8a8cf 100644
--- a/crypto/openssl/crypto/bn/bn_lib.c
+++ b/crypto/openssl/crypto/bn/bn_lib.c
@@ -10,9 +10,9 @@
 #include <assert.h>
 #include <limits.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 #include <openssl/opensslconf.h>
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 
 /* This stuff appears to be completely unused, so is deprecated */
 #if OPENSSL_API_COMPAT < 0x00908000L
diff --git a/crypto/openssl/crypto/bn/bn_lcl.h b/crypto/openssl/crypto/bn/bn_local.h
index 7f823a6178a5b..37228104c640f 100644
--- a/crypto/openssl/crypto/bn/bn_lcl.h
+++ b/crypto/openssl/crypto/bn/bn_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_BN_LCL_H
-# define HEADER_BN_LCL_H
+#ifndef OSSL_CRYPTO_BN_LOCAL_H
+# define OSSL_CRYPTO_BN_LOCAL_H
 
 /*
  * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
@@ -18,10 +18,10 @@
 # include <openssl/opensslconf.h>
 
 # if !defined(OPENSSL_SYS_UEFI)
-#  include "internal/bn_conf.h"
+#  include "crypto/bn_conf.h"
 # endif
 
-# include "internal/bn_int.h"
+# include "crypto/bn.h"
 
 /*
  * These preprocessor symbols control various aspects of the bignum headers
diff --git a/crypto/openssl/crypto/bn/bn_mod.c b/crypto/openssl/crypto/bn/bn_mod.c
index 712fc8ac145be..f7d2e2650ed8b 100644
--- a/crypto/openssl/crypto/bn/bn_mod.c
+++ b/crypto/openssl/crypto/bn/bn_mod.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/bn/bn_mont.c b/crypto/openssl/crypto/bn/bn_mont.c
index 393d27c392c73..1e5045a010bb7 100644
--- a/crypto/openssl/crypto/bn/bn_mont.c
+++ b/crypto/openssl/crypto/bn/bn_mont.c
@@ -15,7 +15,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 #define MONT_WORD               /* use the faster word-based algorithm */
 
diff --git a/crypto/openssl/crypto/bn/bn_mpi.c b/crypto/openssl/crypto/bn/bn_mpi.c
index 043e21d26a38c..bdbe822415c79 100644
--- a/crypto/openssl/crypto/bn/bn_mpi.c
+++ b/crypto/openssl/crypto/bn/bn_mpi.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 {
diff --git a/crypto/openssl/crypto/bn/bn_mul.c b/crypto/openssl/crypto/bn/bn_mul.c
index 5eda65cfbb048..6743e7be81669 100644
--- a/crypto/openssl/crypto/bn/bn_mul.c
+++ b/crypto/openssl/crypto/bn/bn_mul.c
@@ -9,7 +9,7 @@
 
 #include <assert.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
 /*
diff --git a/crypto/openssl/crypto/bn/bn_nist.c b/crypto/openssl/crypto/bn/bn_nist.c
index dcdd321c6688c..325dc228490ad 100644
--- a/crypto/openssl/crypto/bn/bn_nist.c
+++ b/crypto/openssl/crypto/bn/bn_nist.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "bn_lcl.h"
+#include "bn_local.h"
 #include "internal/cryptlib.h"
 
 #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
diff --git a/crypto/openssl/crypto/bn/bn_prime.c b/crypto/openssl/crypto/bn/bn_prime.c
index 19b081f38eb7b..6d74da26d3c70 100644
--- a/crypto/openssl/crypto/bn/bn_prime.c
+++ b/crypto/openssl/crypto/bn/bn_prime.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /*
  * The quick sieve algorithm approach to weeding out primes is Philip
diff --git a/crypto/openssl/crypto/bn/bn_prime.h b/crypto/openssl/crypto/bn/bn_prime.h
index 2eb7b52f76f9a..ba48244534b00 100644
--- a/crypto/openssl/crypto/bn/bn_prime.h
+++ b/crypto/openssl/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/bn/bn_print.c b/crypto/openssl/crypto/bn/bn_print.c
index 1853269d903df..69749a9fa7dcb 100644
--- a/crypto/openssl/crypto/bn/bn_print.c
+++ b/crypto/openssl/crypto/bn/bn_print.c
@@ -8,11 +8,11 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 static const char Hex[] = "0123456789ABCDEF";
 
diff --git a/crypto/openssl/crypto/bn/bn_rand.c b/crypto/openssl/crypto/bn/bn_rand.c
index 051f29e34305c..6b4b50a068f13 100644
--- a/crypto/openssl/crypto/bn/bn_rand.c
+++ b/crypto/openssl/crypto/bn/bn_rand.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
diff --git a/crypto/openssl/crypto/bn/bn_recp.c b/crypto/openssl/crypto/bn/bn_recp.c
index 9ab767f42fe9f..e822313341232 100644
--- a/crypto/openssl/crypto/bn/bn_recp.c
+++ b/crypto/openssl/crypto/bn/bn_recp.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 {
diff --git a/crypto/openssl/crypto/bn/bn_shift.c b/crypto/openssl/crypto/bn/bn_shift.c
index b7a1e0ff9ae3c..210a83f586d2b 100644
--- a/crypto/openssl/crypto/bn/bn_shift.c
+++ b/crypto/openssl/crypto/bn/bn_shift.c
@@ -9,7 +9,7 @@
 
 #include <assert.h>
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 {
@@ -34,12 +34,10 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
     for (i = 0; i < a->top; i++) {
         t = *(ap++);
         *(rp++) = ((t << 1) | c) & BN_MASK2;
-        c = (t & BN_TBIT) ? 1 : 0;
-    }
-    if (c) {
-        *rp = 1;
-        r->top++;
+        c = t >> (BN_BITS2 - 1);
     }
+    *rp = c;
+    r->top += c;
     bn_check_top(r);
     return 1;
 }
@@ -47,7 +45,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 {
     BN_ULONG *ap, *rp, t, c;
-    int i, j;
+    int i;
 
     bn_check_top(r);
     bn_check_top(a);
@@ -58,23 +56,22 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
     }
     i = a->top;
     ap = a->d;
-    j = i - (ap[i - 1] == 1);
     if (a != r) {
-        if (bn_wexpand(r, j) == NULL)
+        if (bn_wexpand(r, i) == NULL)
             return 0;
         r->neg = a->neg;
     }
     rp = r->d;
+    r->top = i;
     t = ap[--i];
-    c = (t & 1) ? BN_TBIT : 0;
-    if (t >>= 1)
-        rp[i] = t;
+    rp[i] = t >> 1;
+    c = t << (BN_BITS2 - 1);
+    r->top -= (t == 1);
     while (i > 0) {
         t = ap[--i];
         rp[i] = ((t >> 1) & BN_MASK2) | c;
-        c = (t & 1) ? BN_TBIT : 0;
+        c = t << (BN_BITS2 - 1);
     }
-    r->top = j;
     if (!r->top)
         r->neg = 0; /* don't allow negative zero */
     bn_check_top(r);
@@ -152,57 +149,19 @@ int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
 
 int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
 {
-    int i, j, nw, lb, rb;
-    BN_ULONG *t, *f;
-    BN_ULONG l, tmp;
-
-    bn_check_top(r);
-    bn_check_top(a);
+    int ret = 0;
 
     if (n < 0) {
         BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
         return 0;
     }
 
-    nw = n / BN_BITS2;
-    rb = n % BN_BITS2;
-    lb = BN_BITS2 - rb;
-    if (nw >= a->top || a->top == 0) {
-        BN_zero(r);
-        return 1;
-    }
-    i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2;
-    if (r != a) {
-        if (bn_wexpand(r, i) == NULL)
-            return 0;
-        r->neg = a->neg;
-    } else {
-        if (n == 0)
-            return 1;           /* or the copying loop will go berserk */
-    }
-
-    f = &(a->d[nw]);
-    t = r->d;
-    j = a->top - nw;
-    r->top = i;
+    ret = bn_rshift_fixed_top(r, a, n);
 
-    if (rb == 0) {
-        for (i = j; i != 0; i--)
-            *(t++) = *(f++);
-    } else {
-        l = *(f++);
-        for (i = j - 1; i != 0; i--) {
-            tmp = (l >> rb) & BN_MASK2;
-            l = *(f++);
-            *(t++) = (tmp | (l << lb)) & BN_MASK2;
-        }
-        if ((l = (l >> rb) & BN_MASK2))
-            *(t) = l;
-    }
-    if (!r->top)
-        r->neg = 0; /* don't allow negative zero */
+    bn_correct_top(r);
     bn_check_top(r);
-    return 1;
+
+    return ret;
 }
 
 /*
diff --git a/crypto/openssl/crypto/bn/bn_sqr.c b/crypto/openssl/crypto/bn/bn_sqr.c
index 0c0a590f0c6ab..7f3a179177b6a 100644
--- a/crypto/openssl/crypto/bn/bn_sqr.c
+++ b/crypto/openssl/crypto/bn/bn_sqr.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /* r must not be a */
 /*
diff --git a/crypto/openssl/crypto/bn/bn_sqrt.c b/crypto/openssl/crypto/bn/bn_sqrt.c
index c3e66b033bde5..1723d5ded5a87 100644
--- a/crypto/openssl/crypto/bn/bn_sqrt.c
+++ b/crypto/openssl/crypto/bn/bn_sqrt.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 /*
diff --git a/crypto/openssl/crypto/bn/bn_srp.c b/crypto/openssl/crypto/bn/bn_srp.c
index 27b6ebe518ea8..820757be60e3e 100644
--- a/crypto/openssl/crypto/bn/bn_srp.c
+++ b/crypto/openssl/crypto/bn/bn_srp.c
@@ -7,13 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "bn_lcl.h"
+#include "bn_local.h"
 #include "internal/nelem.h"
 
 #ifndef OPENSSL_NO_SRP
 
 #include <openssl/srp.h>
-#include "internal/bn_srp.h"
+#include "crypto/bn_srp.h"
 
 # if (BN_BYTES == 8)
 #  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
diff --git a/crypto/openssl/crypto/bn/bn_word.c b/crypto/openssl/crypto/bn/bn_word.c
index 262d7668fcd4e..18fb3030a8f44 100644
--- a/crypto/openssl/crypto/bn/bn_word.c
+++ b/crypto/openssl/crypto/bn/bn_word.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
 {
diff --git a/crypto/openssl/crypto/bn/bn_x931p.c b/crypto/openssl/crypto/bn/bn_x931p.c
index 9eb8384fdeb28..009950259d418 100644
--- a/crypto/openssl/crypto/bn/bn_x931p.c
+++ b/crypto/openssl/crypto/bn/bn_x931p.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <openssl/bn.h>
-#include "bn_lcl.h"
+#include "bn_local.h"
 
 /* X9.31 routines for prime derivation */
 
diff --git a/crypto/openssl/crypto/bn/build.info b/crypto/openssl/crypto/bn/build.info
index a463eddabbbbc..b9ed5322fa689 100644
--- a/crypto/openssl/crypto/bn/build.info
+++ b/crypto/openssl/crypto/bn/build.info
@@ -6,7 +6,6 @@ SOURCE[../../libcrypto]=\
         {- $target{bn_asm_src} -} \
         bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
         bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
-INCLUDE[../../libcrypto]=../../crypto/include
 
 INCLUDE[bn_exp.o]=..
 
diff --git a/crypto/openssl/crypto/bn/rsaz_exp.h b/crypto/openssl/crypto/bn/rsaz_exp.h
index c5864f8aaa8c9..88f65a4bae461 100644
--- a/crypto/openssl/crypto/bn/rsaz_exp.h
+++ b/crypto/openssl/crypto/bn/rsaz_exp.h
@@ -12,8 +12,8 @@
  * (2) University of Haifa, Israel
  */
 
-#ifndef RSAZ_EXP_H
-# define RSAZ_EXP_H
+#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H
+# define OSSL_CRYPTO_BN_RSAZ_EXP_H
 
 # undef RSAZ_ENABLED
 # if defined(OPENSSL_BN_ASM_MONT) && \
diff --git a/crypto/openssl/crypto/c64xpluscpuid.pl b/crypto/openssl/crypto/c64xpluscpuid.pl
index b7b11d50316b1..9aeee574ebf8a 100755
--- a/crypto/openssl/crypto/c64xpluscpuid.pl
+++ b/crypto/openssl/crypto/c64xpluscpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -284,4 +284,4 @@ bus_loop2_done?:
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/camellia/asm/cmll-x86.pl b/crypto/openssl/crypto/camellia/asm/cmll-x86.pl
index 55af9b4e3d01f..cd514acfae4aa 100755
--- a/crypto/openssl/crypto/camellia/asm/cmll-x86.pl
+++ b/crypto/openssl/crypto/camellia/asm/cmll-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1147,4 +1147,4 @@ my ($s0,$s1,$s2,$s3) = @T;
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/camellia/asm/cmll-x86_64.pl b/crypto/openssl/crypto/camellia/asm/cmll-x86_64.pl
index 02c52c3efe47d..59e1840160ff9 100755
--- a/crypto/openssl/crypto/camellia/asm/cmll-x86_64.pl
+++ b/crypto/openssl/crypto/camellia/asm/cmll-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -125,11 +125,13 @@ $code=<<___;
 .type	Camellia_EncryptBlock,\@abi-omnipotent
 .align	16
 Camellia_EncryptBlock:
+.cfi_startproc
 	movl	\$128,%eax
 	subl	$arg0d,%eax
 	movl	\$3,$arg0d
 	adcl	\$0,$arg0d	# keyBitLength==128?3:4
 	jmp	.Lenc_rounds
+.cfi_endproc
 .size	Camellia_EncryptBlock,.-Camellia_EncryptBlock
 # V2
 .globl	Camellia_EncryptBlock_Rounds
@@ -198,6 +200,7 @@ Camellia_EncryptBlock_Rounds:
 .type	_x86_64_Camellia_encrypt,\@abi-omnipotent
 .align	16
 _x86_64_Camellia_encrypt:
+.cfi_startproc
 	xor	0($key),@S[1]
 	xor	4($key),@S[0]		# ^=key[0-3]
 	xor	8($key),@S[3]
@@ -241,6 +244,7 @@ $code.=<<___;
 	mov	$t3,@S[3]
 
 	.byte	0xf3,0xc3		# rep ret
+.cfi_endproc
 .size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
 
 # V1.x API
@@ -248,11 +252,13 @@ $code.=<<___;
 .type	Camellia_DecryptBlock,\@abi-omnipotent
 .align	16
 Camellia_DecryptBlock:
+.cfi_startproc
 	movl	\$128,%eax
 	subl	$arg0d,%eax
 	movl	\$3,$arg0d
 	adcl	\$0,$arg0d	# keyBitLength==128?3:4
 	jmp	.Ldec_rounds
+.cfi_endproc
 .size	Camellia_DecryptBlock,.-Camellia_DecryptBlock
 # V2
 .globl	Camellia_DecryptBlock_Rounds
@@ -321,6 +327,7 @@ Camellia_DecryptBlock_Rounds:
 .type	_x86_64_Camellia_decrypt,\@abi-omnipotent
 .align	16
 _x86_64_Camellia_decrypt:
+.cfi_startproc
 	xor	0($key),@S[1]
 	xor	4($key),@S[0]		# ^=key[0-3]
 	xor	8($key),@S[3]
@@ -365,6 +372,7 @@ $code.=<<___;
 	mov	$t1,@S[3]
 
 	.byte	0xf3,0xc3		# rep ret
+.cfi_endproc
 .size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
 ___
 
@@ -1142,4 +1150,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl
index 6396679a5af4b..71a40f6af90c9 100755
--- a/crypto/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl
+++ b/crypto/openssl/crypto/camellia/asm/cmllt4-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -936,4 +936,4 @@ ___
 
 &emit_assembler();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/camellia/camellia.c b/crypto/openssl/crypto/camellia/camellia.c
index c200b823041b0..f623864bc4134 100644
--- a/crypto/openssl/crypto/camellia/camellia.c
+++ b/crypto/openssl/crypto/camellia/camellia.c
@@ -40,7 +40,7 @@
  */
 
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include "cmll_local.h"
 #include <string.h>
 #include <stdlib.h>
 
diff --git a/crypto/openssl/crypto/camellia/cmll_ecb.c b/crypto/openssl/crypto/camellia/cmll_ecb.c
index d932f1b37517b..5760d1ed35fc6 100644
--- a/crypto/openssl/crypto/camellia/cmll_ecb.c
+++ b/crypto/openssl/crypto/camellia/cmll_ecb.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include "cmll_local.h"
 
 void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
                           const CAMELLIA_KEY *key, const int enc)
diff --git a/crypto/openssl/crypto/camellia/cmll_locl.h b/crypto/openssl/crypto/camellia/cmll_local.h
index 6403b390d82d4..d16baa55facc4 100644
--- a/crypto/openssl/crypto/camellia/cmll_locl.h
+++ b/crypto/openssl/crypto/camellia/cmll_local.h
@@ -22,8 +22,8 @@
  * to the OpenSSL project.
  */
 
-#ifndef HEADER_CAMELLIA_LOCL_H
-# define HEADER_CAMELLIA_LOCL_H
+#ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H
+# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H
 
 typedef unsigned int u32;
 typedef unsigned char u8;
@@ -40,4 +40,4 @@ void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
                            const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
 void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
                            const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
-#endif                          /* #ifndef HEADER_CAMELLIA_LOCL_H */
+#endif                          /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */
diff --git a/crypto/openssl/crypto/camellia/cmll_misc.c b/crypto/openssl/crypto/camellia/cmll_misc.c
index e5f014b79cbcd..d8fc3738c4048 100644
--- a/crypto/openssl/crypto/camellia/cmll_misc.c
+++ b/crypto/openssl/crypto/camellia/cmll_misc.c
@@ -9,7 +9,7 @@
 
 #include <openssl/opensslv.h>
 #include <openssl/camellia.h>
-#include "cmll_locl.h"
+#include "cmll_local.h"
 
 int Camellia_set_key(const unsigned char *userKey, const int bits,
                      CAMELLIA_KEY *key)
diff --git a/crypto/openssl/crypto/cast/asm/cast-586.pl b/crypto/openssl/crypto/cast/asm/cast-586.pl
index d5d38965cf760..04710819380a3 100644
--- a/crypto/openssl/crypto/cast/asm/cast-586.pl
+++ b/crypto/openssl/crypto/cast/asm/cast-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -46,7 +46,7 @@ $S4="CAST_S_table3";
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub CAST_encrypt {
     local($name,$enc)=@_;
diff --git a/crypto/openssl/crypto/cast/c_cfb64.c b/crypto/openssl/crypto/cast/c_cfb64.c
index bd7cb2f468430..72221595382b5 100644
--- a/crypto/openssl/crypto/cast/c_cfb64.c
+++ b/crypto/openssl/crypto/cast/c_cfb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/cast.h>
-#include "cast_lcl.h"
+#include "cast_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/cast/c_ecb.c b/crypto/openssl/crypto/cast/c_ecb.c
index da4179438f1d4..6fe093f75b1b4 100644
--- a/crypto/openssl/crypto/cast/c_ecb.c
+++ b/crypto/openssl/crypto/cast/c_ecb.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/cast.h>
-#include "cast_lcl.h"
+#include "cast_local.h"
 #include <openssl/opensslv.h>
 
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/crypto/openssl/crypto/cast/c_enc.c b/crypto/openssl/crypto/cast/c_enc.c
index 700b6d162a9fb..d27d1fc0a54fc 100644
--- a/crypto/openssl/crypto/cast/c_enc.c
+++ b/crypto/openssl/crypto/cast/c_enc.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/cast.h>
-#include "cast_lcl.h"
+#include "cast_local.h"
 
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
 {
diff --git a/crypto/openssl/crypto/cast/c_ofb64.c b/crypto/openssl/crypto/cast/c_ofb64.c
index dffb074762c2b..49c0cfade5775 100644
--- a/crypto/openssl/crypto/cast/c_ofb64.c
+++ b/crypto/openssl/crypto/cast/c_ofb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/cast.h>
-#include "cast_lcl.h"
+#include "cast_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/cast/c_skey.c b/crypto/openssl/crypto/cast/c_skey.c
index 962d2a60b4c5d..0311482d20ddb 100644
--- a/crypto/openssl/crypto/cast/c_skey.c
+++ b/crypto/openssl/crypto/cast/c_skey.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/cast.h>
-#include "cast_lcl.h"
+#include "cast_local.h"
 #include "cast_s.h"
 
 #define CAST_exp(l,A,a,n) \
diff --git a/crypto/openssl/crypto/cast/cast_lcl.h b/crypto/openssl/crypto/cast/cast_local.h
index 35e89930a8c02..35e89930a8c02 100644
--- a/crypto/openssl/crypto/cast/cast_lcl.h
+++ b/crypto/openssl/crypto/cast/cast_local.h
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-armv4.pl b/crypto/openssl/crypto/chacha/asm/chacha-armv4.pl
index d3fadcc63d333..81c616add313c 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-armv4.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1157,4 +1157,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl b/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
index e90be6d0e5bdd..22655747295e2 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1141,4 +1141,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;	# flush
+close STDOUT or die "error closing STDOUT: $!";	# flush
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-c64xplus.pl b/crypto/openssl/crypto/chacha/asm/chacha-c64xplus.pl
index 266401eb1644b..4bd18a4f8f95d 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-c64xplus.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -923,4 +923,4 @@ $code.=<<___;
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-ppc.pl b/crypto/openssl/crypto/chacha/asm/chacha-ppc.pl
index f4f8610bf3bf7..3073deac17eef 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-ppc.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1345,4 +1345,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-s390x.pl b/crypto/openssl/crypto/chacha/asm/chacha-s390x.pl
index c31526473dba4..dd66a9c603092 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-s390x.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -323,4 +323,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-x86.pl b/crypto/openssl/crypto/chacha/asm/chacha-x86.pl
index 13c217dcf1f20..a1f5694b691e6 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-x86.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -62,7 +62,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
 		$1>=10);	# first version supporting AVX
 
 $ymm=1 if ($xmm && !$ymm &&
-		`$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+		`$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ &&
 		$2>=3.0);	# first version supporting AVX
 
 $a="eax";
@@ -1152,4 +1152,4 @@ sub XOPROUND {
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl b/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
index b54f3b1525bc1..647d2537ceaeb 100755
--- a/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
+++ b/crypto/openssl/crypto/chacha/asm/chacha-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -85,7 +85,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -4002,4 +4002,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/chacha/chacha_enc.c b/crypto/openssl/crypto/chacha/chacha_enc.c
index 239f68ab825e3..18251eac08de9 100644
--- a/crypto/openssl/crypto/chacha/chacha_enc.c
+++ b/crypto/openssl/crypto/chacha/chacha_enc.c
@@ -11,7 +11,8 @@
 
 #include <string.h>
 
-#include "internal/chacha.h"
+#include "crypto/chacha.h"
+#include "crypto/ctype.h"
 
 typedef unsigned int u32;
 typedef unsigned char u8;
@@ -78,10 +79,18 @@ void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
     size_t todo, i;
 
     /* sigma constant "expand 32-byte k" in little-endian encoding */
-    input[0] = ((u32)'e') | ((u32)'x'<<8) | ((u32)'p'<<16) | ((u32)'a'<<24);
-    input[1] = ((u32)'n') | ((u32)'d'<<8) | ((u32)' '<<16) | ((u32)'3'<<24);
-    input[2] = ((u32)'2') | ((u32)'-'<<8) | ((u32)'b'<<16) | ((u32)'y'<<24);
-    input[3] = ((u32)'t') | ((u32)'e'<<8) | ((u32)' '<<16) | ((u32)'k'<<24);
+    input[0] = ((u32)ossl_toascii('e')) | ((u32)ossl_toascii('x') << 8)
+               | ((u32)ossl_toascii('p') << 16)
+               | ((u32)ossl_toascii('a') << 24);
+    input[1] = ((u32)ossl_toascii('n')) | ((u32)ossl_toascii('d') << 8)
+               | ((u32)ossl_toascii(' ') << 16)
+               | ((u32)ossl_toascii('3') << 24);
+    input[2] = ((u32)ossl_toascii('2')) | ((u32)ossl_toascii('-') << 8)
+               | ((u32)ossl_toascii('b') << 16)
+               | ((u32)ossl_toascii('y') << 24);
+    input[3] = ((u32)ossl_toascii('t')) | ((u32)ossl_toascii('e') << 8)
+               | ((u32)ossl_toascii(' ') << 16)
+               | ((u32)ossl_toascii('k') << 24);
 
     input[4] = key[0];
     input[5] = key[1];
diff --git a/crypto/openssl/crypto/cmac/cm_ameth.c b/crypto/openssl/crypto/cmac/cm_ameth.c
index a58454a089c6d..82adf18c8019b 100644
--- a/crypto/openssl/crypto/cmac/cm_ameth.c
+++ b/crypto/openssl/crypto/cmac/cm_ameth.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/cmac.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 
 /*
  * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
diff --git a/crypto/openssl/crypto/cmac/cm_pmeth.c b/crypto/openssl/crypto/cmac/cm_pmeth.c
index 10748f148859f..5574f25be8689 100644
--- a/crypto/openssl/crypto/cmac/cm_pmeth.c
+++ b/crypto/openssl/crypto/cmac/cm_pmeth.c
@@ -13,7 +13,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/cmac.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /* The context structure and "key" is simply a CMAC_CTX */
 
diff --git a/crypto/openssl/crypto/cms/cms_asn1.c b/crypto/openssl/crypto/cms/cms_asn1.c
index 993ea6b219ab7..08069d72a29e2 100644
--- a/crypto/openssl/crypto/cms/cms_asn1.c
+++ b/crypto/openssl/crypto/cms/cms_asn1.c
@@ -11,7 +11,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 
 ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
diff --git a/crypto/openssl/crypto/cms/cms_att.c b/crypto/openssl/crypto/cms/cms_att.c
index 0566019753bdd..4f716619193ad 100644
--- a/crypto/openssl/crypto/cms/cms_att.c
+++ b/crypto/openssl/crypto/cms/cms_att.c
@@ -12,7 +12,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 #include "internal/nelem.h"
 
 /*-
diff --git a/crypto/openssl/crypto/cms/cms_cd.c b/crypto/openssl/crypto/cms/cms_cd.c
index f05e308418f88..45365b8ba2476 100644
--- a/crypto/openssl/crypto/cms/cms_cd.c
+++ b/crypto/openssl/crypto/cms/cms_cd.c
@@ -15,7 +15,7 @@
 #include <openssl/cms.h>
 #include <openssl/bio.h>
 #include <openssl/comp.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 #ifdef ZLIB
 
diff --git a/crypto/openssl/crypto/cms/cms_dd.c b/crypto/openssl/crypto/cms/cms_dd.c
index 5da6802fcd5e6..0df2e698c2379 100644
--- a/crypto/openssl/crypto/cms/cms_dd.c
+++ b/crypto/openssl/crypto/cms/cms_dd.c
@@ -13,7 +13,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 /* CMS DigestedData Utilities */
 
diff --git a/crypto/openssl/crypto/cms/cms_enc.c b/crypto/openssl/crypto/cms/cms_enc.c
index a1719830e8d4f..fc490303d4c6d 100644
--- a/crypto/openssl/crypto/cms/cms_enc.c
+++ b/crypto/openssl/crypto/cms/cms_enc.c
@@ -14,7 +14,7 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/rand.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 /* CMS EncryptedData Utilities */
 
diff --git a/crypto/openssl/crypto/cms/cms_env.c b/crypto/openssl/crypto/cms/cms_env.c
index 26fb81f79ab1f..04940146fd253 100644
--- a/crypto/openssl/crypto/cms/cms_env.c
+++ b/crypto/openssl/crypto/cms/cms_env.c
@@ -14,9 +14,9 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/aes.h>
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 /* CMS EnvelopedData Utilities */
 
diff --git a/crypto/openssl/crypto/cms/cms_ess.c b/crypto/openssl/crypto/cms/cms_ess.c
index 4780231c22bb3..a21c443ae85e9 100644
--- a/crypto/openssl/crypto/cms/cms_ess.c
+++ b/crypto/openssl/crypto/cms/cms_ess.c
@@ -14,7 +14,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
diff --git a/crypto/openssl/crypto/cms/cms_io.c b/crypto/openssl/crypto/cms/cms_io.c
index d18f980a97323..b37e485f5a282 100644
--- a/crypto/openssl/crypto/cms/cms_io.c
+++ b/crypto/openssl/crypto/cms/cms_io.c
@@ -12,7 +12,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
 {
diff --git a/crypto/openssl/crypto/cms/cms_kari.c b/crypto/openssl/crypto/cms/cms_kari.c
index 5e83814d0fcf6..cafc3040ac70a 100644
--- a/crypto/openssl/crypto/cms/cms_kari.c
+++ b/crypto/openssl/crypto/cms/cms_kari.c
@@ -14,8 +14,8 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/aes.h>
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
 
 /* Key Agreement Recipient Info (KARI) routines */
 
@@ -162,7 +162,7 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
     if (!pk)
         return 1;
     pctx = EVP_PKEY_CTX_new(pk, NULL);
-    if (!pctx || !EVP_PKEY_derive_init(pctx))
+    if (!pctx || EVP_PKEY_derive_init(pctx) <= 0)
         goto err;
     kari->pctx = pctx;
     return 1;
diff --git a/crypto/openssl/crypto/cms/cms_lib.c b/crypto/openssl/crypto/cms/cms_lib.c
index c2cac260109d1..57afba4361150 100644
--- a/crypto/openssl/crypto/cms/cms_lib.c
+++ b/crypto/openssl/crypto/cms/cms_lib.c
@@ -14,7 +14,7 @@
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
+#include "cms_local.h"
 
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
diff --git a/crypto/openssl/crypto/cms/cms_lcl.h b/crypto/openssl/crypto/cms/cms_local.h
index 68aa01271bc2e..a0ce4448f6036 100644
--- a/crypto/openssl/crypto/cms/cms_lcl.h
+++ b/crypto/openssl/crypto/cms/cms_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_CMS_LCL_H
-# define HEADER_CMS_LCL_H
+#ifndef OSSL_CRYPTO_CMS_LOCAL_H
+# define OSSL_CRYPTO_CMS_LOCAL_H
 
 # include <openssl/x509.h>
 
diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c
index 26e3bdcf9e412..d7414883396cb 100644
--- a/crypto/openssl/crypto/cms/cms_pwri.c
+++ b/crypto/openssl/crypto/cms/cms_pwri.c
@@ -15,8 +15,8 @@
 #include <openssl/cms.h>
 #include <openssl/rand.h>
 #include <openssl/aes.h>
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
 
 int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
                                     unsigned char *pass, ossl_ssize_t passlen)
diff --git a/crypto/openssl/crypto/cms/cms_sd.c b/crypto/openssl/crypto/cms/cms_sd.c
index 3841513f8bd23..29ba4c1b13342 100644
--- a/crypto/openssl/crypto/cms/cms_sd.c
+++ b/crypto/openssl/crypto/cms/cms_sd.c
@@ -14,9 +14,9 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 /* CMS SignedData Utilities */
 
diff --git a/crypto/openssl/crypto/cms/cms_smime.c b/crypto/openssl/crypto/cms/cms_smime.c
index 10815639f8115..652e97b2e877f 100644
--- a/crypto/openssl/crypto/cms/cms_smime.c
+++ b/crypto/openssl/crypto/cms/cms_smime.c
@@ -13,8 +13,8 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 #include <openssl/cms.h>
-#include "cms_lcl.h"
-#include "internal/asn1_int.h"
+#include "cms_local.h"
+#include "crypto/asn1.h"
 
 static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
 {
diff --git a/crypto/openssl/crypto/comp/c_zlib.c b/crypto/openssl/crypto/comp/c_zlib.c
index d688deee5f23f..b819337913123 100644
--- a/crypto/openssl/crypto/comp/c_zlib.c
+++ b/crypto/openssl/crypto/comp/c_zlib.c
@@ -13,9 +13,9 @@
 #include <openssl/objects.h>
 #include "internal/comp.h"
 #include <openssl/err.h>
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include "internal/bio.h"
-#include "comp_lcl.h"
+#include "comp_local.h"
 
 COMP_METHOD *COMP_zlib(void);
 
@@ -598,6 +598,28 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
         BIO_copy_next_retry(b);
         break;
 
+    case BIO_CTRL_WPENDING:
+        if (ctx->obuf == NULL)
+            return 0;
+
+        if (ctx->odone) {
+            ret = ctx->ocount;
+        } else {
+            ret = ctx->ocount;
+            if (ret == 0)
+                /* Unknown amount pending but we are not finished */
+                ret = 1;
+        }
+        if (ret == 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    case BIO_CTRL_PENDING:
+        ret = ctx->zin.avail_in;
+        if (ret == 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
     default:
         ret = BIO_ctrl(next, cmd, num, ptr);
         break;
diff --git a/crypto/openssl/crypto/comp/comp_lib.c b/crypto/openssl/crypto/comp/comp_lib.c
index 6ae2114496b03..56920e1cca511 100644
--- a/crypto/openssl/crypto/comp/comp_lib.c
+++ b/crypto/openssl/crypto/comp/comp_lib.c
@@ -13,7 +13,7 @@
 #include <openssl/objects.h>
 #include <openssl/comp.h>
 #include <openssl/err.h>
-#include "comp_lcl.h"
+#include "comp_local.h"
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 {
diff --git a/crypto/openssl/crypto/comp/comp_lcl.h b/crypto/openssl/crypto/comp/comp_local.h
index aa45fca238da3..aa45fca238da3 100644
--- a/crypto/openssl/crypto/comp/comp_lcl.h
+++ b/crypto/openssl/crypto/comp/comp_local.h
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c
index 8e3f42a0caca2..ca76fa3679b8a 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@@ -703,7 +703,9 @@ static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
 static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
 {
     const char *filename;
+    size_t pathlen;
 
+    pathlen = strlen(path);
     while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
         size_t namelen;
 
@@ -716,7 +718,7 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
             char *newpath;
             BIO *bio;
 
-            newlen = strlen(path) + namelen + 2;
+            newlen = pathlen + namelen + 2;
             newpath = OPENSSL_zalloc(newlen);
             if (newpath == NULL) {
                 CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE);
@@ -727,14 +729,11 @@ static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
              * If the given path isn't clear VMS syntax,
              * we treat it as on Unix.
              */
-            {
-                size_t pathlen = strlen(path);
-
-                if (path[pathlen - 1] == ']' || path[pathlen - 1] == '>'
-                    || path[pathlen - 1] == ':') {
-                    /* Clear VMS directory syntax, just copy as is */
-                    OPENSSL_strlcpy(newpath, path, newlen);
-                }
+            if (path[pathlen - 1] == ']'
+                || path[pathlen - 1] == '>'
+                || path[pathlen - 1] == ':') {
+                /* Clear VMS directory syntax, just copy as is */
+                OPENSSL_strlcpy(newpath, path, newlen);
             }
 #endif
             if (newpath[0] == '\0') {
diff --git a/crypto/openssl/crypto/conf/conf_def.h b/crypto/openssl/crypto/conf/conf_def.h
index 2016d31b89290..2ced300e40d66 100644
--- a/crypto/openssl/crypto/conf/conf_def.h
+++ b/crypto/openssl/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/openssl/crypto/conf/conf_lib.c b/crypto/openssl/crypto/conf/conf_lib.c
index 2d40ac97ec275..0b7dd26d63b0a 100644
--- a/crypto/openssl/crypto/conf/conf_lib.c
+++ b/crypto/openssl/crypto/conf/conf_lib.c
@@ -11,7 +11,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "internal/conf.h"
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/conf.h>
diff --git a/crypto/openssl/crypto/conf/conf_lcl.h b/crypto/openssl/crypto/conf/conf_local.h
index 6e1f7fe00d70a..6e1f7fe00d70a 100644
--- a/crypto/openssl/crypto/conf/conf_lcl.h
+++ b/crypto/openssl/crypto/conf/conf_local.h
diff --git a/crypto/openssl/crypto/conf/conf_mall.c b/crypto/openssl/crypto/conf/conf_mall.c
index 7e86948e89e9e..d7eaa8509b2fb 100644
--- a/crypto/openssl/crypto/conf/conf_mall.c
+++ b/crypto/openssl/crypto/conf/conf_mall.c
@@ -14,7 +14,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
-#include "conf_lcl.h"
+#include "conf_local.h"
 
 /* Load all OpenSSL builtin modules */
 
diff --git a/crypto/openssl/crypto/conf/conf_ssl.c b/crypto/openssl/crypto/conf/conf_ssl.c
index 387f2cf46c31b..4bd8117d365ca 100644
--- a/crypto/openssl/crypto/conf/conf_ssl.c
+++ b/crypto/openssl/crypto/conf/conf_ssl.c
@@ -12,7 +12,7 @@
 #include <openssl/conf.h>
 #include <openssl/err.h>
 #include "internal/sslconf.h"
-#include "conf_lcl.h"
+#include "conf_local.h"
 
 /*
  * SSL library configuration module placeholder. We load it here but defer
diff --git a/crypto/openssl/crypto/cryptlib.c b/crypto/openssl/crypto/cryptlib.c
index 7b761a3adced9..1f36b20c86ed6 100644
--- a/crypto/openssl/crypto/cryptlib.c
+++ b/crypto/openssl/crypto/cryptlib.c
@@ -9,7 +9,7 @@
  */
 
 #include "e_os.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include <openssl/safestack.h>
 
 #if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
@@ -49,7 +49,7 @@ typedef char variant_char;
 #   define ossl_getenv getenv
 #  endif
 
-#  include "internal/ctype.h"
+#  include "crypto/ctype.h"
 
 static int todigit(variant_char c)
 {
diff --git a/crypto/openssl/crypto/ct/ct_b64.c b/crypto/openssl/crypto/ct/ct_b64.c
index 109ffcdcf24ad..4abe11ca298bd 100644
--- a/crypto/openssl/crypto/ct/ct_b64.c
+++ b/crypto/openssl/crypto/ct/ct_b64.c
@@ -14,7 +14,7 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 /*
  * Decodes the base64 string |in| into |out|.
diff --git a/crypto/openssl/crypto/ct/ct_locl.h b/crypto/openssl/crypto/ct/ct_local.h
index 9f983c91beae4..9f983c91beae4 100644
--- a/crypto/openssl/crypto/ct/ct_locl.h
+++ b/crypto/openssl/crypto/ct/ct_local.h
diff --git a/crypto/openssl/crypto/ct/ct_oct.c b/crypto/openssl/crypto/ct/ct_oct.c
index 0dd691c0f711d..d4b6645af48d8 100644
--- a/crypto/openssl/crypto/ct/ct_oct.c
+++ b/crypto/openssl/crypto/ct/ct_oct.c
@@ -19,7 +19,7 @@
 #include <openssl/ct.h>
 #include <openssl/err.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
 {
diff --git a/crypto/openssl/crypto/ct/ct_policy.c b/crypto/openssl/crypto/ct/ct_policy.c
index 0d7b3463877d2..df66e8a494d01 100644
--- a/crypto/openssl/crypto/ct/ct_policy.c
+++ b/crypto/openssl/crypto/ct/ct_policy.c
@@ -15,7 +15,7 @@
 #include <openssl/err.h>
 #include <time.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 /*
  * Number of seconds in the future that an SCT timestamp can be, by default,
diff --git a/crypto/openssl/crypto/ct/ct_prn.c b/crypto/openssl/crypto/ct/ct_prn.c
index 376e04523e572..e6584b57f391c 100644
--- a/crypto/openssl/crypto/ct/ct_prn.c
+++ b/crypto/openssl/crypto/ct/ct_prn.c
@@ -14,7 +14,7 @@
 #include <openssl/asn1.h>
 #include <openssl/bio.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
 {
diff --git a/crypto/openssl/crypto/ct/ct_sct.c b/crypto/openssl/crypto/ct/ct_sct.c
index 1dc16857ba50b..4ff36e2fbd494 100644
--- a/crypto/openssl/crypto/ct/ct_sct.c
+++ b/crypto/openssl/crypto/ct/ct_sct.c
@@ -17,7 +17,7 @@
 #include <openssl/tls1.h>
 #include <openssl/x509.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 SCT *SCT_new(void)
 {
diff --git a/crypto/openssl/crypto/ct/ct_sct_ctx.c b/crypto/openssl/crypto/ct/ct_sct_ctx.c
index 75a5027df0e8a..841e768033e5a 100644
--- a/crypto/openssl/crypto/ct/ct_sct_ctx.c
+++ b/crypto/openssl/crypto/ct/ct_sct_ctx.c
@@ -18,7 +18,7 @@
 #include <openssl/obj_mac.h>
 #include <openssl/x509.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 SCT_CTX *SCT_CTX_new(void)
 {
diff --git a/crypto/openssl/crypto/ct/ct_vfy.c b/crypto/openssl/crypto/ct/ct_vfy.c
index cabcf5782aa44..74fd34f4154ee 100644
--- a/crypto/openssl/crypto/ct/ct_vfy.c
+++ b/crypto/openssl/crypto/ct/ct_vfy.c
@@ -14,7 +14,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 typedef enum sct_signature_type_t {
     SIGNATURE_TYPE_NOT_SET = -1,
diff --git a/crypto/openssl/crypto/ct/ct_x509v3.c b/crypto/openssl/crypto/ct/ct_x509v3.c
index ec186d1f5b830..19c2a852d24a1 100644
--- a/crypto/openssl/crypto/ct/ct_x509v3.c
+++ b/crypto/openssl/crypto/ct/ct_x509v3.c
@@ -11,7 +11,7 @@
 # error "CT is disabled"
 #endif
 
-#include "ct_locl.h"
+#include "ct_local.h"
 
 static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
 {
diff --git a/crypto/openssl/crypto/ctype.c b/crypto/openssl/crypto/ctype.c
index e05f84cd40860..b7f1183f9ccf1 100644
--- a/crypto/openssl/crypto/ctype.c
+++ b/crypto/openssl/crypto/ctype.c
@@ -9,7 +9,7 @@
 
 #include <string.h>
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "openssl/ebcdic.h"
 
 /*
diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/openssl/crypto/des/asm/crypt586.pl
index a02d180631494..d14b9f89b6b67 100644
--- a/crypto/openssl/crypto/des/asm/crypt586.pl
+++ b/crypto/openssl/crypto/des/asm/crypt586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -25,7 +25,7 @@ $R="esi";
 &fcrypt_body("fcrypt_body");
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub fcrypt_body
 	{
diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/openssl/crypto/des/asm/des-586.pl
index 2bcc54ef2f255..07d9d87ac735a 100644
--- a/crypto/openssl/crypto/des/asm/des-586.pl
+++ b/crypto/openssl/crypto/des/asm/des-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -47,7 +47,7 @@ $small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV));
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub DES_encrypt_internal()
 	{
diff --git a/crypto/openssl/crypto/des/asm/des_enc.m4 b/crypto/openssl/crypto/des/asm/des_enc.m4
index 4ada97b175d99..ebb5e7cd1d75b 100644
--- a/crypto/openssl/crypto/des/asm/des_enc.m4
+++ b/crypto/openssl/crypto/des/asm/des_enc.m4
@@ -106,15 +106,15 @@ changequote({,})
 ! technique.
 !
 ! The macro also loads address sbox 1 to 5 to global 1 to 5, address
-! sbox 6 to local6, and addres sbox 8 to out3.
+! sbox 6 to local6, and address sbox 8 to out3.
 !
-! Rotates the halfs 3 left to bring the sbox bits in convenient positions.
+! Rotates the halves 3 left to bring the sbox bits in convenient positions.
 !
 ! Loads key first round from address in parameter 5 to out0, out1.
 !
 ! After the original LibDES initial permutation, the resulting left
 ! is in the variable initially used for right and vice versa. The macro
-! implements the possibility to keep the halfs in the original registers.
+! implements the possibility to keep the halves in the original registers.
 !
 ! parameter 1  left
 ! parameter 2  right
@@ -1184,7 +1184,7 @@ DES_encrypt2:
 	add	%o7,global1,global1
 	sub	global1,.PIC.DES_SPtrans-.des_and,out2
 
-	! Set sbox address 1 to 6 and rotate halfs 3 left
+	! Set sbox address 1 to 6 and rotate halves 3 left
 	! Errors caught by destest? Yes. Still? *NO*
 
 	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1
diff --git a/crypto/openssl/crypto/des/asm/dest4-sparcv9.pl b/crypto/openssl/crypto/des/asm/dest4-sparcv9.pl
index fe1fdc7025cf4..5c92a52b7957d 100755
--- a/crypto/openssl/crypto/des/asm/dest4-sparcv9.pl
+++ b/crypto/openssl/crypto/des/asm/dest4-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -624,4 +624,4 @@ ___
 
 &emit_assembler();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/des/cbc_cksm.c b/crypto/openssl/crypto/des/cbc_cksm.c
index 5a1f72f82db83..c5e2e017b84e0 100644
--- a/crypto/openssl/crypto/des/cbc_cksm.c
+++ b/crypto/openssl/crypto/des/cbc_cksm.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
                        long length, DES_key_schedule *schedule,
diff --git a/crypto/openssl/crypto/des/cfb64ede.c b/crypto/openssl/crypto/des/cfb64ede.c
index 21943f6143ead..490d925f46f47 100644
--- a/crypto/openssl/crypto/des/cfb64ede.c
+++ b/crypto/openssl/crypto/des/cfb64ede.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/des/cfb64enc.c b/crypto/openssl/crypto/des/cfb64enc.c
index 96de51b055ec4..ca0e82164803c 100644
--- a/crypto/openssl/crypto/des/cfb64enc.c
+++ b/crypto/openssl/crypto/des/cfb64enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/des/cfb_enc.c b/crypto/openssl/crypto/des/cfb_enc.c
index 544392e405c2c..17018420e6cc0 100644
--- a/crypto/openssl/crypto/des/cfb_enc.c
+++ b/crypto/openssl/crypto/des/cfb_enc.c
@@ -8,7 +8,7 @@
  */
 
 #include "e_os.h"
-#include "des_locl.h"
+#include "des_local.h"
 #include <assert.h>
 
 /*
diff --git a/crypto/openssl/crypto/des/des_enc.c b/crypto/openssl/crypto/des/des_enc.c
index ed134ace8c322..45eec615d8b0b 100644
--- a/crypto/openssl/crypto/des/des_enc.c
+++ b/crypto/openssl/crypto/des/des_enc.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "des_locl.h"
+#include "des_local.h"
 #include "spr.h"
 
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
diff --git a/crypto/openssl/crypto/des/des_locl.h b/crypto/openssl/crypto/des/des_local.h
index f401e6f3ebe89..0f58a1c9ae2e8 100644
--- a/crypto/openssl/crypto/des/des_locl.h
+++ b/crypto/openssl/crypto/des/des_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_DES_LOCL_H
-# define HEADER_DES_LOCL_H
+#ifndef OSSL_CRYPTO_DES_LOCAL_H
+# define OSSL_CRYPTO_DES_LOCAL_H
 
 # include <openssl/e_os2.h>
 
diff --git a/crypto/openssl/crypto/des/ecb3_enc.c b/crypto/openssl/crypto/des/ecb3_enc.c
index 6ac89d4e78bb6..7afa8eaadde7c 100644
--- a/crypto/openssl/crypto/des/ecb3_enc.c
+++ b/crypto/openssl/crypto/des/ecb3_enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
                       DES_key_schedule *ks1, DES_key_schedule *ks2,
diff --git a/crypto/openssl/crypto/des/ecb_enc.c b/crypto/openssl/crypto/des/ecb_enc.c
index 5ed079d15fdc5..513c65e116cdb 100644
--- a/crypto/openssl/crypto/des/ecb_enc.c
+++ b/crypto/openssl/crypto/des/ecb_enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
 
diff --git a/crypto/openssl/crypto/des/fcrypt.c b/crypto/openssl/crypto/des/fcrypt.c
index aaee4bf236a53..e83cf76b615cc 100644
--- a/crypto/openssl/crypto/des/fcrypt.c
+++ b/crypto/openssl/crypto/des/fcrypt.c
@@ -19,7 +19,7 @@
 #endif
 
 #include <openssl/crypto.h>
-#include "des_locl.h"
+#include "des_local.h"
 
 /*
  * Added more values to handle illegal salt values the way normal crypt()
diff --git a/crypto/openssl/crypto/des/fcrypt_b.c b/crypto/openssl/crypto/des/fcrypt_b.c
index fe2369a93526c..22f967b8c6d38 100644
--- a/crypto/openssl/crypto/des/fcrypt_b.c
+++ b/crypto/openssl/crypto/des/fcrypt_b.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 
 #define DES_FCRYPT
-#include "des_locl.h"
+#include "des_local.h"
 #undef DES_FCRYPT
 
 #undef PERM_OP
diff --git a/crypto/openssl/crypto/des/ncbc_enc.c b/crypto/openssl/crypto/des/ncbc_enc.c
index 244f15ca2a960..cd4b071a3d73b 100644
--- a/crypto/openssl/crypto/des/ncbc_enc.c
+++ b/crypto/openssl/crypto/des/ncbc_enc.c
@@ -13,7 +13,7 @@
  *    des_enc.c  (DES_ncbc_encrypt)
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 #ifdef CBC_ENC_C__DONT_UPDATE_IV
 void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
diff --git a/crypto/openssl/crypto/des/ofb64ede.c b/crypto/openssl/crypto/des/ofb64ede.c
index a551a07e0eb49..68cf2dc557c64 100644
--- a/crypto/openssl/crypto/des/ofb64ede.c
+++ b/crypto/openssl/crypto/des/ofb64ede.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/des/ofb64enc.c b/crypto/openssl/crypto/des/ofb64enc.c
index 30976c871daa1..5796980c18653 100644
--- a/crypto/openssl/crypto/des/ofb64enc.c
+++ b/crypto/openssl/crypto/des/ofb64enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/des/ofb_enc.c b/crypto/openssl/crypto/des/ofb_enc.c
index 65a9b8604d803..2b0498994b515 100644
--- a/crypto/openssl/crypto/des/ofb_enc.c
+++ b/crypto/openssl/crypto/des/ofb_enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 /*
  * The input and output are loaded in multiples of 8 bits. What this means is
diff --git a/crypto/openssl/crypto/des/pcbc_enc.c b/crypto/openssl/crypto/des/pcbc_enc.c
index 0fa058f03f076..3490592741c60 100644
--- a/crypto/openssl/crypto/des/pcbc_enc.c
+++ b/crypto/openssl/crypto/des/pcbc_enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
                       long length, DES_key_schedule *schedule,
diff --git a/crypto/openssl/crypto/des/qud_cksm.c b/crypto/openssl/crypto/des/qud_cksm.c
index 81e6be8226aaf..10b6abf69ea5d 100644
--- a/crypto/openssl/crypto/des/qud_cksm.c
+++ b/crypto/openssl/crypto/des/qud_cksm.c
@@ -13,7 +13,7 @@
  * only based on the code in this paper and is almost definitely not the same
  * as the MIT implementation.
  */
-#include "des_locl.h"
+#include "des_local.h"
 
 #define Q_B0(a) (((DES_LONG)(a)))
 #define Q_B1(a) (((DES_LONG)(a))<<8)
diff --git a/crypto/openssl/crypto/des/set_key.c b/crypto/openssl/crypto/des/set_key.c
index adbad72362f53..cbcb616cb2add 100644
--- a/crypto/openssl/crypto/des/set_key.c
+++ b/crypto/openssl/crypto/des/set_key.c
@@ -16,7 +16,7 @@
  * 1.0 First working version
  */
 #include <openssl/crypto.h>
-#include "des_locl.h"
+#include "des_local.h"
 
 /* defaults to false */
 OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
diff --git a/crypto/openssl/crypto/des/str2key.c b/crypto/openssl/crypto/des/str2key.c
index e18d726522ba3..61db60512567c 100644
--- a/crypto/openssl/crypto/des/str2key.c
+++ b/crypto/openssl/crypto/des/str2key.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "des_locl.h"
+#include "des_local.h"
 
 void DES_string_to_key(const char *str, DES_cblock *key)
 {
diff --git a/crypto/openssl/crypto/des/xcbc_enc.c b/crypto/openssl/crypto/des/xcbc_enc.c
index c4e455d9b9125..fb3fd5292cb68 100644
--- a/crypto/openssl/crypto/des/xcbc_enc.c
+++ b/crypto/openssl/crypto/des/xcbc_enc.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "des_locl.h"
+#include "des_local.h"
 
 /* RSA's DESX */
 
diff --git a/crypto/openssl/crypto/dh/dh_ameth.c b/crypto/openssl/crypto/dh/dh_ameth.c
index 05a1d4227ee31..d53004080d5e4 100644
--- a/crypto/openssl/crypto/dh/dh_ameth.c
+++ b/crypto/openssl/crypto/dh/dh_ameth.c
@@ -11,10 +11,10 @@
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <openssl/bn.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 #include <openssl/cms.h>
 
 /*
@@ -901,6 +901,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
  err:
     OPENSSL_free(penc);
     X509_ALGOR_free(wrap_alg);
+    OPENSSL_free(dukm);
     return rv;
 }
 
diff --git a/crypto/openssl/crypto/dh/dh_asn1.c b/crypto/openssl/crypto/dh/dh_asn1.c
index 1a40633b48065..e37f0904e560c 100644
--- a/crypto/openssl/crypto/dh/dh_asn1.c
+++ b/crypto/openssl/crypto/dh/dh_asn1.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <openssl/objects.h>
 #include <openssl/asn1t.h>
 
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c
index d13d8206ce509..4ac169e75c236 100644
--- a/crypto/openssl/crypto/dh/dh_check.c
+++ b/crypto/openssl/crypto/dh/dh_check.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "dh_locl.h"
+#include "dh_local.h"
 
 # define DH_NUMBER_ITERATIONS_FOR_PRIME 64
 
diff --git a/crypto/openssl/crypto/dh/dh_gen.c b/crypto/openssl/crypto/dh/dh_gen.c
index d293835eb22b7..ab82ab58bd2ac 100644
--- a/crypto/openssl/crypto/dh/dh_gen.c
+++ b/crypto/openssl/crypto/dh/dh_gen.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,7 +15,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "dh_locl.h"
+#include "dh_local.h"
 
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
                                 BN_GENCB *cb);
@@ -54,7 +54,7 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
  * for 3, p mod 12 == 11
  * for 5, p mod 60 == 59
  *
- * However for compatibilty with previous versions we use:
+ * However for compatibility with previous versions we use:
  * for 2, p mod 24 == 11
  * for 5, p mod 60 == 23
  */
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 718aa422d9354..daffdf74dd37b 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -9,8 +9,8 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
-#include "internal/bn_int.h"
+#include "dh_local.h"
+#include "crypto/bn.h"
 
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c
index e7e7ef08e9e3c..04b79d355ca48 100644
--- a/crypto/openssl/crypto/dh/dh_lib.c
+++ b/crypto/openssl/crypto/dh/dh_lib.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include <openssl/bn.h>
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <openssl/engine.h>
 
 int DH_set_method(DH *dh, const DH_METHOD *meth)
diff --git a/crypto/openssl/crypto/dh/dh_locl.h b/crypto/openssl/crypto/dh/dh_local.h
index 0a8391a6c0041..0a8391a6c0041 100644
--- a/crypto/openssl/crypto/dh/dh_locl.h
+++ b/crypto/openssl/crypto/dh/dh_local.h
diff --git a/crypto/openssl/crypto/dh/dh_meth.c b/crypto/openssl/crypto/dh/dh_meth.c
index 59c4d7e967823..8a54a8108fc3f 100644
--- a/crypto/openssl/crypto/dh/dh_meth.c
+++ b/crypto/openssl/crypto/dh/dh_meth.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <string.h>
 #include <openssl/err.h>
 
diff --git a/crypto/openssl/crypto/dh/dh_pmeth.c b/crypto/openssl/crypto/dh/dh_pmeth.c
index 568831f1c2a75..1fd94deb47319 100644
--- a/crypto/openssl/crypto/dh/dh_pmeth.c
+++ b/crypto/openssl/crypto/dh/dh_pmeth.c
@@ -12,11 +12,11 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/evp.h>
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/objects.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /* DH pkey context structure */
 
diff --git a/crypto/openssl/crypto/dh/dh_rfc5114.c b/crypto/openssl/crypto/dh/dh_rfc5114.c
index c4a219590e9e1..e3603a05a322b 100644
--- a/crypto/openssl/crypto/dh/dh_rfc5114.c
+++ b/crypto/openssl/crypto/dh/dh_rfc5114.c
@@ -9,9 +9,9 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <openssl/bn.h>
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 
 /*
  * Macro to make a DH structure from BIGNUM data. NB: although just copying
diff --git a/crypto/openssl/crypto/dh/dh_rfc7919.c b/crypto/openssl/crypto/dh/dh_rfc7919.c
index a54b468e552ce..03d30a1f5d598 100644
--- a/crypto/openssl/crypto/dh/dh_rfc7919.c
+++ b/crypto/openssl/crypto/dh/dh_rfc7919.c
@@ -9,10 +9,10 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "dh_locl.h"
+#include "dh_local.h"
 #include <openssl/bn.h>
 #include <openssl/objects.h>
-#include "internal/bn_dh.h"
+#include "crypto/bn_dh.h"
 
 static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
 {
diff --git a/crypto/openssl/crypto/dllmain.c b/crypto/openssl/crypto/dllmain.c
index 0838c55e48974..e8217893b9edb 100644
--- a/crypto/openssl/crypto/dllmain.c
+++ b/crypto/openssl/crypto/dllmain.c
@@ -8,7 +8,7 @@
  */
 
 #include "e_os.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 
 #if defined(_WIN32) || defined(__CYGWIN__)
 # ifdef __CYGWIN__
diff --git a/crypto/openssl/crypto/dsa/dsa_ameth.c b/crypto/openssl/crypto/dsa/dsa_ameth.c
index 49aa1ae23bab0..2dcaa0815fd6e 100644
--- a/crypto/openssl/crypto/dsa/dsa_ameth.c
+++ b/crypto/openssl/crypto/dsa/dsa_ameth.c
@@ -11,11 +11,11 @@
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/bn.h>
 #include <openssl/cms.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 {
diff --git a/crypto/openssl/crypto/dsa/dsa_asn1.c b/crypto/openssl/crypto/dsa/dsa_asn1.c
index 6499e87ef3189..9cafd5ca8a90b 100644
--- a/crypto/openssl/crypto/dsa/dsa_asn1.c
+++ b/crypto/openssl/crypto/dsa/dsa_asn1.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/rand.h>
diff --git a/crypto/openssl/crypto/dsa/dsa_gen.c b/crypto/openssl/crypto/dsa/dsa_gen.c
index af59a582b53e4..5d066a06c546d 100644
--- a/crypto/openssl/crypto/dsa/dsa_gen.c
+++ b/crypto/openssl/crypto/dsa/dsa_gen.c
@@ -21,7 +21,7 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                                const unsigned char *seed_in, int seed_len,
diff --git a/crypto/openssl/crypto/dsa/dsa_key.c b/crypto/openssl/crypto/dsa/dsa_key.c
index a48af58492914..bdeddd4f61df9 100644
--- a/crypto/openssl/crypto/dsa/dsa_key.c
+++ b/crypto/openssl/crypto/dsa/dsa_key.c
@@ -11,7 +11,7 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 
 static int dsa_builtin_keygen(DSA *dsa);
 
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c
index 1048601bebde3..f98af5853dc12 100644
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include <openssl/bn.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/asn1.h>
 #include <openssl/engine.h>
 #include <openssl/dh.h>
diff --git a/crypto/openssl/crypto/dsa/dsa_locl.h b/crypto/openssl/crypto/dsa/dsa_local.h
index a81a4b49788d7..a81a4b49788d7 100644
--- a/crypto/openssl/crypto/dsa/dsa_locl.h
+++ b/crypto/openssl/crypto/dsa/dsa_local.h
diff --git a/crypto/openssl/crypto/dsa/dsa_meth.c b/crypto/openssl/crypto/dsa/dsa_meth.c
index ff4fae44a7c30..1e6ee2f4ed3bc 100644
--- a/crypto/openssl/crypto/dsa/dsa_meth.c
+++ b/crypto/openssl/crypto/dsa/dsa_meth.c
@@ -15,7 +15,7 @@
  * or in the file LICENSE in the source distribution.
  */
 
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <string.h>
 #include <openssl/err.h>
 
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index 16161dcadf22b..a983def64e76e 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -9,10 +9,10 @@
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
+#include "crypto/bn.h"
 #include <openssl/bn.h>
 #include <openssl/sha.h>
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/asn1.h>
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
diff --git a/crypto/openssl/crypto/dsa/dsa_pmeth.c b/crypto/openssl/crypto/dsa/dsa_pmeth.c
index 1dd2fef9beb90..4ca3747a4646c 100644
--- a/crypto/openssl/crypto/dsa/dsa_pmeth.c
+++ b/crypto/openssl/crypto/dsa/dsa_pmeth.c
@@ -13,8 +13,8 @@
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
-#include "internal/evp_int.h"
-#include "dsa_locl.h"
+#include "crypto/evp.h"
+#include "dsa_local.h"
 
 /* DSA pkey context structure */
 
@@ -178,9 +178,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
     }
     if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
         int qbits = atoi(value);
-        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-                                 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits,
-                                 NULL);
+        return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits);
     }
     if (strcmp(type, "dsa_paramgen_md") == 0) {
         const EVP_MD *md = EVP_get_digestbyname(value);
@@ -189,9 +187,7 @@ static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
             DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
             return 0;
         }
-        return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN,
-                                 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0,
-                                 (void *)md);
+        return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md);
     }
     return -2;
 }
diff --git a/crypto/openssl/crypto/dsa/dsa_sign.c b/crypto/openssl/crypto/dsa/dsa_sign.c
index e9466b29f1d7b..51c7754b93e46 100644
--- a/crypto/openssl/crypto/dsa/dsa_sign.c
+++ b/crypto/openssl/crypto/dsa/dsa_sign.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 #include <openssl/bn.h>
 
 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
diff --git a/crypto/openssl/crypto/dsa/dsa_vrf.c b/crypto/openssl/crypto/dsa/dsa_vrf.c
index 21f98cd94e5c1..6f80a4aab7a59 100644
--- a/crypto/openssl/crypto/dsa/dsa_vrf.c
+++ b/crypto/openssl/crypto/dsa/dsa_vrf.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "dsa_locl.h"
+#include "dsa_local.h"
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                   DSA *dsa)
diff --git a/crypto/openssl/crypto/dso/dso_dl.c b/crypto/openssl/crypto/dso/dso_dl.c
index 290d73cf3575b..3bbb10e5ca987 100644
--- a/crypto/openssl/crypto/dso/dso_dl.c
+++ b/crypto/openssl/crypto/dso/dso_dl.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "dso_locl.h"
+#include "dso_local.h"
 
 #ifdef DSO_DL
 
diff --git a/crypto/openssl/crypto/dso/dso_dlfcn.c b/crypto/openssl/crypto/dso/dso_dlfcn.c
index ba3b55fcbffad..4719e8f4f3376 100644
--- a/crypto/openssl/crypto/dso/dso_dlfcn.c
+++ b/crypto/openssl/crypto/dso/dso_dlfcn.c
@@ -16,7 +16,7 @@
 # define _GNU_SOURCE            /* make sure dladdr is declared */
 #endif
 
-#include "dso_locl.h"
+#include "dso_local.h"
 #include "e_os.h"
 
 #ifdef DSO_DLFCN
diff --git a/crypto/openssl/crypto/dso/dso_lib.c b/crypto/openssl/crypto/dso/dso_lib.c
index 2e75021d39ea6..50a39bb7d5d8a 100644
--- a/crypto/openssl/crypto/dso/dso_lib.c
+++ b/crypto/openssl/crypto/dso/dso_lib.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "dso_locl.h"
+#include "dso_local.h"
 #include "internal/refcount.h"
 
 static DSO_METHOD *default_DSO_meth = NULL;
diff --git a/crypto/openssl/crypto/dso/dso_locl.h b/crypto/openssl/crypto/dso/dso_local.h
index 14a0ccb7c0128..43b7df9d78329 100644
--- a/crypto/openssl/crypto/dso/dso_locl.h
+++ b/crypto/openssl/crypto/dso/dso_local.h
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include "internal/dso.h"
-#include "internal/dso_conf.h"
+#include "crypto/dso_conf.h"
 #include "internal/refcount.h"
 
 /**********************************************************************/
diff --git a/crypto/openssl/crypto/dso/dso_openssl.c b/crypto/openssl/crypto/dso/dso_openssl.c
index f0dd38ace2599..c76a04db23f98 100644
--- a/crypto/openssl/crypto/dso/dso_openssl.c
+++ b/crypto/openssl/crypto/dso/dso_openssl.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "dso_locl.h"
+#include "dso_local.h"
 
 #ifdef DSO_NONE
 
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
index 83abbdd895780..ea538c0698d54 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1394,7 +1394,7 @@ my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
 # 256-bit vectors on top. Then note that we push
 # starting from r0, which means that we have copy of
 # input arguments just below these temporary vectors.
-# We use three of them for !in1infty, !in2intfy and
+# We use three of them for ~in1infty, ~in2infty and
 # result of check for zero.
 
 $code.=<<___;
@@ -1424,7 +1424,7 @@ ecp_nistz256_point_add:
 #endif
 	movne	r12,#-1
 	stmia	r3,{r4-r11}
-	str	r12,[sp,#32*18+8]	@ !in2infty
+	str	r12,[sp,#32*18+8]	@ ~in2infty
 
 	ldmia	$a_ptr!,{r4-r11}	@ copy in1_x
 	add	r3,sp,#$in1_x
@@ -1445,7 +1445,7 @@ ecp_nistz256_point_add:
 #endif
 	movne	r12,#-1
 	stmia	r3,{r4-r11}
-	str	r12,[sp,#32*18+4]	@ !in1infty
+	str	r12,[sp,#32*18+4]	@ ~in1infty
 
 	add	$a_ptr,sp,#$in2_z
 	add	$b_ptr,sp,#$in2_z
@@ -1510,33 +1510,20 @@ ecp_nistz256_point_add:
 	orr	$a0,$a0,$a2
 	orr	$a4,$a4,$a6
 	orr	$a0,$a0,$a7
-	orrs	$a0,$a0,$a4
+	orr	$a0,$a0,$a4		@ ~is_equal(U1,U2)
 
-	bne	.Ladd_proceed		@ is_equal(U1,U2)?
+	ldr	$t0,[sp,#32*18+4]	@ ~in1infty
+	ldr	$t1,[sp,#32*18+8]	@ ~in2infty
+	ldr	$t2,[sp,#32*18+12]	@ ~is_equal(S1,S2)
+	mvn	$t0,$t0			@ -1/0 -> 0/-1
+	mvn	$t1,$t1			@ -1/0 -> 0/-1
+	orr	$a0,$t0
+	orr	$a0,$t1
+	orrs	$a0,$t2			@ set flags
 
-	ldr	$t0,[sp,#32*18+4]
-	ldr	$t1,[sp,#32*18+8]
-	ldr	$t2,[sp,#32*18+12]
-	tst	$t0,$t1
-	beq	.Ladd_proceed		@ (in1infty || in2infty)?
-	tst	$t2,$t2
-	beq	.Ladd_double		@ is_equal(S1,S2)?
+	@ if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
+	bne	.Ladd_proceed
 
-	ldr	$r_ptr,[sp,#32*18+16]
-	eor	r4,r4,r4
-	eor	r5,r5,r5
-	eor	r6,r6,r6
-	eor	r7,r7,r7
-	eor	r8,r8,r8
-	eor	r9,r9,r9
-	eor	r10,r10,r10
-	eor	r11,r11,r11
-	stmia	$r_ptr!,{r4-r11}
-	stmia	$r_ptr!,{r4-r11}
-	stmia	$r_ptr!,{r4-r11}
-	b	.Ladd_done
-
-.align	4
 .Ladd_double:
 	ldr	$a_ptr,[sp,#32*18+20]
 	add	sp,sp,#32*(18-5)+16	@ difference in frame sizes
@@ -1601,15 +1588,15 @@ ecp_nistz256_point_add:
 	add	$b_ptr,sp,#$S2
 	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, res_y, S2);
 
-	ldr	r11,[sp,#32*18+4]	@ !in1intfy
-	ldr	r12,[sp,#32*18+8]	@ !in2intfy
+	ldr	r11,[sp,#32*18+4]	@ ~in1infty
+	ldr	r12,[sp,#32*18+8]	@ ~in2infty
 	add	r1,sp,#$res_x
 	add	r2,sp,#$in2_x
-	and	r10,r11,r12
+	and	r10,r11,r12		@ ~in1infty & ~in2infty
 	mvn	r11,r11
 	add	r3,sp,#$in1_x
-	and	r11,r11,r12
-	mvn	r12,r12
+	and	r11,r11,r12		@ in1infty & ~in2infty
+	mvn	r12,r12			@ in2infty
 	ldr	$r_ptr,[sp,#32*18+16]
 ___
 for($i=0;$i<96;$i+=8) {			# conditional moves
@@ -1617,11 +1604,11 @@ $code.=<<___;
 	ldmia	r1!,{r4-r5}		@ res_x
 	ldmia	r2!,{r6-r7}		@ in2_x
 	ldmia	r3!,{r8-r9}		@ in1_x
-	and	r4,r4,r10
+	and	r4,r4,r10		@ ~in1infty & ~in2infty
 	and	r5,r5,r10
-	and	r6,r6,r11
+	and	r6,r6,r11		@ in1infty & ~in2infty
 	and	r7,r7,r11
-	and	r8,r8,r12
+	and	r8,r8,r12		@ in2infty
 	and	r9,r9,r12
 	orr	r4,r4,r6
 	orr	r5,r5,r7
@@ -1656,7 +1643,7 @@ my $Z1sqr = $S2;
 # 256-bit vectors on top. Then note that we push
 # starting from r0, which means that we have copy of
 # input arguments just below these temporary vectors.
-# We use two of them for !in1infty, !in2intfy.
+# We use two of them for ~in1infty, ~in2infty.
 
 my @ONE_mont=(1,0,0,-1,-1,-1,-2,0);
 
@@ -1687,7 +1674,7 @@ ecp_nistz256_point_add_affine:
 #endif
 	movne	r12,#-1
 	stmia	r3,{r4-r11}
-	str	r12,[sp,#32*15+4]	@ !in1infty
+	str	r12,[sp,#32*15+4]	@ ~in1infty
 
 	ldmia	$b_ptr!,{r4-r11}	@ copy in2_x
 	add	r3,sp,#$in2_x
@@ -1714,7 +1701,7 @@ ecp_nistz256_point_add_affine:
 	it	ne
 #endif
 	movne	r12,#-1
-	str	r12,[sp,#32*15+8]	@ !in2infty
+	str	r12,[sp,#32*15+8]	@ ~in2infty
 
 	add	$a_ptr,sp,#$in1_z
 	add	$b_ptr,sp,#$in1_z
@@ -1796,15 +1783,15 @@ ecp_nistz256_point_add_affine:
 	add	$b_ptr,sp,#$S2
 	bl	__ecp_nistz256_sub_from	@ p256_sub(res_y, res_y, S2);
 
-	ldr	r11,[sp,#32*15+4]	@ !in1intfy
-	ldr	r12,[sp,#32*15+8]	@ !in2intfy
+	ldr	r11,[sp,#32*15+4]	@ ~in1infty
+	ldr	r12,[sp,#32*15+8]	@ ~in2infty
 	add	r1,sp,#$res_x
 	add	r2,sp,#$in2_x
-	and	r10,r11,r12
+	and	r10,r11,r12		@ ~in1infty & ~in2infty
 	mvn	r11,r11
 	add	r3,sp,#$in1_x
-	and	r11,r11,r12
-	mvn	r12,r12
+	and	r11,r11,r12		@ in1infty & ~in2infty
+	mvn	r12,r12			@ in2infty
 	ldr	$r_ptr,[sp,#32*15]
 ___
 for($i=0;$i<64;$i+=8) {			# conditional moves
@@ -1812,11 +1799,11 @@ $code.=<<___;
 	ldmia	r1!,{r4-r5}		@ res_x
 	ldmia	r2!,{r6-r7}		@ in2_x
 	ldmia	r3!,{r8-r9}		@ in1_x
-	and	r4,r4,r10
+	and	r4,r4,r10		@ ~in1infty & ~in2infty
 	and	r5,r5,r10
-	and	r6,r6,r11
+	and	r6,r6,r11		@ in1infty & ~in2infty
 	and	r7,r7,r11
-	and	r8,r8,r12
+	and	r8,r8,r12		@ in2infty
 	and	r9,r9,r12
 	orr	r4,r4,r6
 	orr	r5,r5,r7
@@ -1862,4 +1849,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;	# enforce flush
+close STDOUT or die "error closing STDOUT: $!";	# enforce flush
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
index 887ddfb1ea9b1..e93e18f29f19b 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -722,7 +722,7 @@ $code.=<<___;
 .align	5
 ecp_nistz256_point_double:
 	.inst	0xd503233f		// paciasp
-	stp	x29,x30,[sp,#-80]!
+	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
 	stp	x21,x22,[sp,#32]
@@ -855,7 +855,7 @@ ecp_nistz256_point_double:
 	add	sp,x29,#0		// destroy frame
 	ldp	x19,x20,[x29,#16]
 	ldp	x21,x22,[x29,#32]
-	ldp	x29,x30,[sp],#80
+	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
@@ -872,7 +872,7 @@ my ($res_x,$res_y,$res_z,
 my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr);
 # above map() describes stack layout with 12 temporary
 # 256-bit vectors on top.
-my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp)=map("x$_",(21..26));
+my ($rp_real,$ap_real,$bp_real,$in1infty,$in2infty,$temp0,$temp1,$temp2)=map("x$_",(21..28));
 
 $code.=<<___;
 .globl	ecp_nistz256_point_add
@@ -880,12 +880,13 @@ $code.=<<___;
 .align	5
 ecp_nistz256_point_add:
 	.inst	0xd503233f		// paciasp
-	stp	x29,x30,[sp,#-80]!
+	stp	x29,x30,[sp,#-96]!
 	add	x29,sp,#0
 	stp	x19,x20,[sp,#16]
 	stp	x21,x22,[sp,#32]
 	stp	x23,x24,[sp,#48]
 	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
 	sub	sp,sp,#32*12
 
 	ldp	$a0,$a1,[$bp,#64]	// in2_z
@@ -899,7 +900,7 @@ ecp_nistz256_point_add:
 	orr	$t2,$a2,$a3
 	orr	$in2infty,$t0,$t2
 	cmp	$in2infty,#0
-	csetm	$in2infty,ne		// !in2infty
+	csetm	$in2infty,ne		// ~in2infty
 	add	$rp,sp,#$Z2sqr
 	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z2sqr, in2_z);
 
@@ -909,7 +910,7 @@ ecp_nistz256_point_add:
 	orr	$t2,$a2,$a3
 	orr	$in1infty,$t0,$t2
 	cmp	$in1infty,#0
-	csetm	$in1infty,ne		// !in1infty
+	csetm	$in1infty,ne		// ~in1infty
 	add	$rp,sp,#$Z1sqr
 	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
 
@@ -950,7 +951,7 @@ ecp_nistz256_point_add:
 
 	orr	$acc0,$acc0,$acc1	// see if result is zero
 	orr	$acc2,$acc2,$acc3
-	orr	$temp,$acc0,$acc2
+	orr	$temp0,$acc0,$acc2	// ~is_equal(S1,S2)
 
 	add	$bp,sp,#$Z2sqr
 	add	$rp,sp,#$U1
@@ -971,32 +972,21 @@ ecp_nistz256_point_add:
 
 	orr	$acc0,$acc0,$acc1	// see if result is zero
 	orr	$acc2,$acc2,$acc3
-	orr	$acc0,$acc0,$acc2
-	tst	$acc0,$acc0
-	b.ne	.Ladd_proceed		// is_equal(U1,U2)?
+	orr	$acc0,$acc0,$acc2	// ~is_equal(U1,U2)
 
-	tst	$in1infty,$in2infty
-	b.eq	.Ladd_proceed		// (in1infty || in2infty)?
+	mvn	$temp1,$in1infty	// -1/0 -> 0/-1
+	mvn	$temp2,$in2infty	// -1/0 -> 0/-1
+	orr	$acc0,$acc0,$temp1
+	orr	$acc0,$acc0,$temp2
+	orr	$acc0,$acc0,$temp0
+	cbnz	$acc0,.Ladd_proceed	// if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
 
-	tst	$temp,$temp
-	b.eq	.Ladd_double		// is_equal(S1,S2)?
-
-	eor	$a0,$a0,$a0
-	eor	$a1,$a1,$a1
-	stp	$a0,$a1,[$rp_real]
-	stp	$a0,$a1,[$rp_real,#16]
-	stp	$a0,$a1,[$rp_real,#32]
-	stp	$a0,$a1,[$rp_real,#48]
-	stp	$a0,$a1,[$rp_real,#64]
-	stp	$a0,$a1,[$rp_real,#80]
-	b	.Ladd_done
-
-.align	4
 .Ladd_double:
 	mov	$ap,$ap_real
 	mov	$rp,$rp_real
 	ldp	x23,x24,[x29,#48]
 	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
 	add	sp,sp,#32*(12-4)	// difference in stack frames
 	b	.Ldouble_shortcut
 
@@ -1081,14 +1071,14 @@ ___
 for($i=0;$i<64;$i+=32) {		# conditional moves
 $code.=<<___;
 	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
-	cmp	$in1infty,#0			// !$in1intfy, remember?
+	cmp	$in1infty,#0			// ~$in1intfy, remember?
 	ldp	$acc2,$acc3,[$ap_real,#$i+16]
 	csel	$t0,$a0,$t0,ne
 	csel	$t1,$a1,$t1,ne
 	ldp	$a0,$a1,[sp,#$res_x+$i+32]	// res
 	csel	$t2,$a2,$t2,ne
 	csel	$t3,$a3,$t3,ne
-	cmp	$in2infty,#0			// !$in2intfy, remember?
+	cmp	$in2infty,#0			// ~$in2intfy, remember?
 	ldp	$a2,$a3,[sp,#$res_x+$i+48]
 	csel	$acc0,$t0,$acc0,ne
 	csel	$acc1,$t1,$acc1,ne
@@ -1102,13 +1092,13 @@ ___
 }
 $code.=<<___;
 	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
-	cmp	$in1infty,#0			// !$in1intfy, remember?
+	cmp	$in1infty,#0			// ~$in1intfy, remember?
 	ldp	$acc2,$acc3,[$ap_real,#$i+16]
 	csel	$t0,$a0,$t0,ne
 	csel	$t1,$a1,$t1,ne
 	csel	$t2,$a2,$t2,ne
 	csel	$t3,$a3,$t3,ne
-	cmp	$in2infty,#0			// !$in2intfy, remember?
+	cmp	$in2infty,#0			// ~$in2intfy, remember?
 	csel	$acc0,$t0,$acc0,ne
 	csel	$acc1,$t1,$acc1,ne
 	csel	$acc2,$t2,$acc2,ne
@@ -1122,7 +1112,8 @@ $code.=<<___;
 	ldp	x21,x22,[x29,#32]
 	ldp	x23,x24,[x29,#48]
 	ldp	x25,x26,[x29,#64]
-	ldp	x29,x30,[sp],#80
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
 	.inst	0xd50323bf		// autiasp
 	ret
 .size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
@@ -1166,7 +1157,7 @@ ecp_nistz256_point_add_affine:
 	orr	$t2,$a2,$a3
 	orr	$in1infty,$t0,$t2
 	cmp	$in1infty,#0
-	csetm	$in1infty,ne		// !in1infty
+	csetm	$in1infty,ne		// ~in1infty
 
 	ldp	$acc0,$acc1,[$bp]	// in2_x
 	ldp	$acc2,$acc3,[$bp,#16]
@@ -1180,7 +1171,7 @@ ecp_nistz256_point_add_affine:
 	orr	$t0,$t0,$t2
 	orr	$in2infty,$acc0,$t0
 	cmp	$in2infty,#0
-	csetm	$in2infty,ne		// !in2infty
+	csetm	$in2infty,ne		// ~in2infty
 
 	add	$rp,sp,#$Z1sqr
 	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
@@ -1290,14 +1281,14 @@ ___
 for($i=0;$i<64;$i+=32) {		# conditional moves
 $code.=<<___;
 	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
-	cmp	$in1infty,#0			// !$in1intfy, remember?
+	cmp	$in1infty,#0			// ~$in1intfy, remember?
 	ldp	$acc2,$acc3,[$ap_real,#$i+16]
 	csel	$t0,$a0,$t0,ne
 	csel	$t1,$a1,$t1,ne
 	ldp	$a0,$a1,[sp,#$res_x+$i+32]	// res
 	csel	$t2,$a2,$t2,ne
 	csel	$t3,$a3,$t3,ne
-	cmp	$in2infty,#0			// !$in2intfy, remember?
+	cmp	$in2infty,#0			// ~$in2intfy, remember?
 	ldp	$a2,$a3,[sp,#$res_x+$i+48]
 	csel	$acc0,$t0,$acc0,ne
 	csel	$acc1,$t1,$acc1,ne
@@ -1314,13 +1305,13 @@ ___
 }
 $code.=<<___;
 	ldp	$acc0,$acc1,[$ap_real,#$i]	// in1
-	cmp	$in1infty,#0			// !$in1intfy, remember?
+	cmp	$in1infty,#0			// ~$in1intfy, remember?
 	ldp	$acc2,$acc3,[$ap_real,#$i+16]
 	csel	$t0,$a0,$t0,ne
 	csel	$t1,$a1,$t1,ne
 	csel	$t2,$a2,$t2,ne
 	csel	$t3,$a3,$t3,ne
-	cmp	$in2infty,#0			// !$in2intfy, remember?
+	cmp	$in2infty,#0			// ~$in2intfy, remember?
 	csel	$acc0,$t0,$acc0,ne
 	csel	$acc1,$t1,$acc1,ne
 	csel	$acc2,$t2,$acc2,ne
@@ -1880,4 +1871,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;	# enforce flush
+close STDOUT or die "error closing STDOUT: $!";	# enforce flush
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
index 794e56a082fc8..5071d09ac2ecc 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-avx2.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2014, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
@@ -47,7 +47,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
 
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$avx = ($ver>=3.0) + ($ver>=3.01);
 	$addx = ($ver>=3.03);
@@ -2077,4 +2077,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl
index 984c7f205056c..2bf54e2aa544b 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-ppc64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2379,4 +2379,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;	# enforce flush
+close STDOUT or die "error closing STDOUT: $!";	# enforce flush
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
index 4383bea4a7bed..042e122718b78 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -3057,4 +3057,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86.pl
index 0c6fc665bf461..e926d69b020b1 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1388,7 +1388,7 @@ for ($i=0;$i<7;$i++) {
 
 	# above map() describes stack layout with 18 temporary
 	# 256-bit vectors on top, then we take extra words for
-	# !in1infty, !in2infty, result of check for zero and
+	# ~in1infty, ~in2infty, result of check for zero and
 	# OPENSSL_ia32cap_P copy. [one unused word for padding]
 	&stack_push(8*18+5);
 						if ($sse2) {
@@ -1419,7 +1419,7 @@ for ($i=0;$i<7;$i++) {
 	&sub	("eax","ebp");
 	&or	("ebp","eax");
 	&sar	("ebp",31);
-	&mov	(&DWP(32*18+4,"esp"),"ebp");	# !in2infty
+	&mov	(&DWP(32*18+4,"esp"),"ebp");	# ~in2infty
 
 	&lea	("edi",&DWP($in1_x,"esp"));
     for($i=0;$i<96;$i+=16) {
@@ -1441,7 +1441,7 @@ for ($i=0;$i<7;$i++) {
 	&sub	("eax","ebp");
 	&or	("ebp","eax");
 	&sar	("ebp",31);
-	&mov	(&DWP(32*18+0,"esp"),"ebp");	# !in1infty
+	&mov	(&DWP(32*18+0,"esp"),"ebp");	# ~in1infty
 
 	&mov	("eax",&DWP(32*18+12,"esp"));	# OPENSSL_ia32cap_P copy
 	&lea	("esi",&DWP($in2_z,"esp"));
@@ -1516,23 +1516,19 @@ for ($i=0;$i<7;$i++) {
 	&or	("eax",&DWP(0,"edi"));
 	&or	("eax",&DWP(4,"edi"));
 	&or	("eax",&DWP(8,"edi"));
-	&or	("eax",&DWP(12,"edi"));
+	&or	("eax",&DWP(12,"edi"));		# ~is_equal(U1,U2)
 
-	&data_byte(0x3e);			# predict taken
-	&jnz	(&label("add_proceed"));	# is_equal(U1,U2)?
-
-	&mov	("eax",&DWP(32*18+0,"esp"));
-	&and	("eax",&DWP(32*18+4,"esp"));
-	&mov	("ebx",&DWP(32*18+8,"esp"));
-	&jz	(&label("add_proceed"));	# (in1infty || in2infty)?
-	&test	("ebx","ebx");
-	&jz	(&label("add_double"));		# is_equal(S1,S2)?
+	&mov	("ebx",&DWP(32*18+0,"esp"));	# ~in1infty
+	&not	("ebx");			# -1/0 -> 0/-1
+	&or	("eax","ebx");
+	&mov	("ebx",&DWP(32*18+4,"esp"));	# ~in2infty
+	&not	("ebx");			# -1/0 -> 0/-1
+	&or	("eax","ebx");
+	&or	("eax",&DWP(32*18+8,"esp"));	# ~is_equal(S1,S2)
 
-	&mov	("edi",&wparam(0));
-	&xor	("eax","eax");
-	&mov	("ecx",96/4);
-	&data_byte(0xfc,0xf3,0xab);		# cld; stosd
-	&jmp	(&label("add_done"));
+	# if (~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
+	&data_byte(0x3e);			# predict taken
+	&jnz	(&label("add_proceed"));
 
 &set_label("add_double",16);
 	&mov	("esi",&wparam(1));
@@ -1614,34 +1610,34 @@ for ($i=0;$i<7;$i++) {
 	&lea	("edi",&DWP($res_y,"esp"));
 	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, res_y, S2);
 
-	&mov	("ebp",&DWP(32*18+0,"esp"));	# !in1infty
-	&mov	("esi",&DWP(32*18+4,"esp"));	# !in2infty
+	&mov	("ebp",&DWP(32*18+0,"esp"));	# ~in1infty
+	&mov	("esi",&DWP(32*18+4,"esp"));	# ~in2infty
 	&mov	("edi",&wparam(0));
 	&mov	("edx","ebp");
 	&not	("ebp");
-	&and	("edx","esi");
-	&and	("ebp","esi");
-	&not	("esi");
+	&and	("edx","esi");			# ~in1infty & ~in2infty
+	&and	("ebp","esi");			# in1infty & ~in2infty
+	&not	("esi");			# in2infty
 
 	########################################
 	# conditional moves
     for($i=64;$i<96;$i+=4) {
-	&mov	("eax","edx");
+	&mov	("eax","edx");			# ~in1infty & ~in2infty
 	&and	("eax",&DWP($res_x+$i,"esp"));
-	&mov	("ebx","ebp");
+	&mov	("ebx","ebp");			# in1infty & ~in2infty
 	&and	("ebx",&DWP($in2_x+$i,"esp"));
-	&mov	("ecx","esi");
+	&mov	("ecx","esi");			# in2infty
 	&and	("ecx",&DWP($in1_x+$i,"esp"));
 	&or	("eax","ebx");
 	&or	("eax","ecx");
 	&mov	(&DWP($i,"edi"),"eax");
     }
     for($i=0;$i<64;$i+=4) {
-	&mov	("eax","edx");
+	&mov	("eax","edx");			# ~in1infty & ~in2infty
 	&and	("eax",&DWP($res_x+$i,"esp"));
-	&mov	("ebx","ebp");
+	&mov	("ebx","ebp");			# in1infty & ~in2infty
 	&and	("ebx",&DWP($in2_x+$i,"esp"));
-	&mov	("ecx","esi");
+	&mov	("ecx","esi");			# in2infty
 	&and	("ecx",&DWP($in1_x+$i,"esp"));
 	&or	("eax","ebx");
 	&or	("eax","ecx");
@@ -1668,7 +1664,7 @@ for ($i=0;$i<7;$i++) {
 
 	# above map() describes stack layout with 15 temporary
 	# 256-bit vectors on top, then we take extra words for
-	# !in1infty, !in2infty, and OPENSSL_ia32cap_P copy.
+	# ~in1infty, ~in2infty, and OPENSSL_ia32cap_P copy.
 	&stack_push(8*15+3);
 						if ($sse2) {
 	&call	("_picup_eax");
@@ -1698,7 +1694,7 @@ for ($i=0;$i<7;$i++) {
 	&sub	("eax","ebp");
 	&or	("ebp","eax");
 	&sar	("ebp",31);
-	&mov	(&DWP(32*15+0,"esp"),"ebp");	# !in1infty
+	&mov	(&DWP(32*15+0,"esp"),"ebp");	# ~in1infty
 
 	&lea	("edi",&DWP($in2_x,"esp"));
     for($i=0;$i<64;$i+=16) {
@@ -1724,7 +1720,7 @@ for ($i=0;$i<7;$i++) {
 	 &lea	("ebp",&DWP($in1_z,"esp"));
 	&sar	("ebx",31);
 	 &lea	("edi",&DWP($Z1sqr,"esp"));
-	&mov	(&DWP(32*15+4,"esp"),"ebx");	# !in2infty
+	&mov	(&DWP(32*15+4,"esp"),"ebx");	# ~in2infty
 
 	&call	("_ecp_nistz256_mul_mont");	# p256_sqr_mont(Z1sqr, in1_z);
 
@@ -1823,14 +1819,14 @@ for ($i=0;$i<7;$i++) {
 	&lea	("edi",&DWP($res_y,"esp"));
 	&call	("_ecp_nistz256_sub");		# p256_sub(res_y, res_y, S2);
 
-	&mov	("ebp",&DWP(32*15+0,"esp"));	# !in1infty
-	&mov	("esi",&DWP(32*15+4,"esp"));	# !in2infty
+	&mov	("ebp",&DWP(32*15+0,"esp"));	# ~in1infty
+	&mov	("esi",&DWP(32*15+4,"esp"));	# ~in2infty
 	&mov	("edi",&wparam(0));
 	&mov	("edx","ebp");
 	&not	("ebp");
-	&and	("edx","esi");
-	&and	("ebp","esi");
-	&not	("esi");
+	&and	("edx","esi");			# ~in1infty & ~in2infty
+	&and	("ebp","esi");			# in1infty & ~in2infty
+	&not	("esi");			# in2infty
 
 	########################################
 	# conditional moves
@@ -1848,11 +1844,11 @@ for ($i=0;$i<7;$i++) {
 	&mov	(&DWP($i,"edi"),"eax");
     }
     for($i=0;$i<64;$i+=4) {
-	&mov	("eax","edx");
+	&mov	("eax","edx");			# ~in1infty & ~in2infty
 	&and	("eax",&DWP($res_x+$i,"esp"));
-	&mov	("ebx","ebp");
+	&mov	("ebx","ebp");			# in1infty & ~in2infty
 	&and	("ebx",&DWP($in2_x+$i,"esp"));
-	&mov	("ecx","esi");
+	&mov	("ecx","esi");			# in2infty
 	&and	("ecx",&DWP($in1_x+$i,"esp"));
 	&or	("eax","ebx");
 	&or	("eax","ecx");
@@ -1863,4 +1859,4 @@ for ($i=0;$i<7;$i++) {
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
index 10ccc6414a498..de9b194510bf0 100755
--- a/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
+++ b/crypto/openssl/crypto/ec/asm/ecp_nistz256-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2014, Intel Corporation. All Rights Reserved.
 # Copyright (c) 2015 CloudFlare, Inc.
 #
@@ -72,7 +72,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
 
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$avx = ($ver>=3.0) + ($ver>=3.01);
 	$addx = ($ver>=3.03);
@@ -1579,6 +1579,7 @@ $code.=<<___;
 .type	ecp_nistz256_to_mont,\@function,2
 .align	32
 ecp_nistz256_to_mont:
+.cfi_startproc
 ___
 $code.=<<___	if ($addx);
 	mov	\$0x80100, %ecx
@@ -1587,6 +1588,7 @@ ___
 $code.=<<___;
 	lea	.LRR(%rip), $b_org
 	jmp	.Lmul_mont
+.cfi_endproc
 .size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
 
 ################################################################################
@@ -2562,6 +2564,7 @@ $code.=<<___;
 .type	ecp_nistz256_scatter_w5,\@abi-omnipotent
 .align	32
 ecp_nistz256_scatter_w5:
+.cfi_startproc
 	lea	-3($index,$index,2), $index
 	movdqa	0x00($in_t), %xmm0
 	shl	\$5, $index
@@ -2578,6 +2581,7 @@ ecp_nistz256_scatter_w5:
 	movdqa	%xmm5, 0x50($val,$index)
 
 	ret
+.cfi_endproc
 .size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
 
 ################################################################################
@@ -2685,6 +2689,7 @@ $code.=<<___;
 .type	ecp_nistz256_scatter_w7,\@abi-omnipotent
 .align	32
 ecp_nistz256_scatter_w7:
+.cfi_startproc
 	movdqu	0x00($in_t), %xmm0
 	shl	\$6, $index
 	movdqu	0x10($in_t), %xmm1
@@ -2696,6 +2701,7 @@ ecp_nistz256_scatter_w7:
 	movdqa	%xmm3, 0x30($val,$index)
 
 	ret
+.cfi_endproc
 .size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
 
 ################################################################################
@@ -3020,8 +3026,10 @@ $code.=<<___;
 .type	ecp_nistz256_avx2_gather_w7,\@function,3
 .align	32
 ecp_nistz256_avx2_gather_w7:
+.cfi_startproc
 	.byte	0x0f,0x0b	# ud2
 	ret
+.cfi_endproc
 .size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
 ___
 }
@@ -3618,28 +3626,18 @@ $code.=<<___;
 
 	or	$acc5, $acc4			# see if result is zero
 	or	$acc0, $acc4
+	or	$acc1, $acc4			# !is_equal(U1, U2)
+
+	movq	%xmm2, $acc0			# in1infty | in2infty
+	movq	%xmm3, $acc1			# !is_equal(S1, S2)
+
+	or	$acc0, $acc4
 	or	$acc1, $acc4
 
+	# if (!is_equal(U1, U2) | in1infty | in2infty | !is_equal(S1, S2))
 	.byte	0x3e				# predict taken
-	jnz	.Ladd_proceed$x			# is_equal(U1,U2)?
-	movq	%xmm2, $acc0
-	movq	%xmm3, $acc1
-	test	$acc0, $acc0
-	jnz	.Ladd_proceed$x			# (in1infty || in2infty)?
-	test	$acc1, $acc1
-	jz	.Ladd_double$x			# is_equal(S1,S2)?
+	jnz	.Ladd_proceed$x
 
-	movq	%xmm0, $r_ptr			# restore $r_ptr
-	pxor	%xmm0, %xmm0
-	movdqu	%xmm0, 0x00($r_ptr)
-	movdqu	%xmm0, 0x10($r_ptr)
-	movdqu	%xmm0, 0x20($r_ptr)
-	movdqu	%xmm0, 0x30($r_ptr)
-	movdqu	%xmm0, 0x40($r_ptr)
-	movdqu	%xmm0, 0x50($r_ptr)
-	jmp	.Ladd_done$x
-
-.align	32
 .Ladd_double$x:
 	movq	%xmm1, $a_ptr			# restore $a_ptr
 	movq	%xmm0, $r_ptr			# restore $r_ptr
@@ -4738,4 +4736,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl b/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl
index 6e8b36420f53b..f4b523bf8a081 100755
--- a/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl
+++ b/crypto/openssl/crypto/ec/asm/x25519-ppc64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -821,4 +821,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/ec/asm/x25519-x86_64.pl b/crypto/openssl/crypto/ec/asm/x25519-x86_64.pl
index 18dc6af9fae9f..3d9d1dc1ad0c5 100755
--- a/crypto/openssl/crypto/ec/asm/x25519-x86_64.pl
+++ b/crypto/openssl/crypto/ec/asm/x25519-x86_64.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -90,7 +90,7 @@ if (!$addx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$addx = ($1>=12);
 }
 
-if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9])\.([0-9]+)/) {
+if (!$addx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)/) {
 	my $ver = $2 + $3/100.0;	# 3.1->3.01, 3.10->3.10
 	$addx = ($ver>=3.03);
 }
@@ -488,12 +488,14 @@ $code.=<<___;
 .type	x25519_fe64_eligible,\@abi-omnipotent
 .align	32
 x25519_fe64_eligible:
+.cfi_startproc
 	mov	OPENSSL_ia32cap_P+8(%rip),%ecx
 	xor	%eax,%eax
 	and	\$0x80100,%ecx
 	cmp	\$0x80100,%ecx
 	cmove	%ecx,%eax
 	ret
+.cfi_endproc
 .size	x25519_fe64_eligible,.-x25519_fe64_eligible
 
 .globl	x25519_fe64_mul
@@ -722,6 +724,7 @@ x25519_fe64_sqr:
 .align	32
 x25519_fe64_mul121666:
 .Lfe64_mul121666_body:
+.cfi_startproc
 	mov	\$121666,%edx
 	mulx	8*0(%rsi),$acc0,%rcx
 	mulx	8*1(%rsi),$acc1,%rax
@@ -750,6 +753,7 @@ x25519_fe64_mul121666:
 
 .Lfe64_mul121666_epilogue:
 	ret
+.cfi_endproc
 .size	x25519_fe64_mul121666,.-x25519_fe64_mul121666
 
 .globl	x25519_fe64_add
@@ -757,6 +761,7 @@ x25519_fe64_mul121666:
 .align	32
 x25519_fe64_add:
 .Lfe64_add_body:
+.cfi_startproc
 	mov	8*0(%rsi),$acc0
 	mov	8*1(%rsi),$acc1
 	mov	8*2(%rsi),$acc2
@@ -785,6 +790,7 @@ x25519_fe64_add:
 
 .Lfe64_add_epilogue:
 	ret
+.cfi_endproc
 .size	x25519_fe64_add,.-x25519_fe64_add
 
 .globl	x25519_fe64_sub
@@ -792,6 +798,7 @@ x25519_fe64_add:
 .align	32
 x25519_fe64_sub:
 .Lfe64_sub_body:
+.cfi_startproc
 	mov	8*0(%rsi),$acc0
 	mov	8*1(%rsi),$acc1
 	mov	8*2(%rsi),$acc2
@@ -820,6 +827,7 @@ x25519_fe64_sub:
 
 .Lfe64_sub_epilogue:
 	ret
+.cfi_endproc
 .size	x25519_fe64_sub,.-x25519_fe64_sub
 
 .globl	x25519_fe64_tobytes
@@ -827,6 +835,7 @@ x25519_fe64_sub:
 .align	32
 x25519_fe64_tobytes:
 .Lfe64_to_body:
+.cfi_startproc
 	mov	8*0(%rsi),$acc0
 	mov	8*1(%rsi),$acc1
 	mov	8*2(%rsi),$acc2
@@ -862,6 +871,7 @@ x25519_fe64_tobytes:
 
 .Lfe64_to_epilogue:
 	ret
+.cfi_endproc
 .size	x25519_fe64_tobytes,.-x25519_fe64_tobytes
 ___
 } else {
@@ -870,8 +880,10 @@ $code.=<<___;
 .type	x25519_fe64_eligible,\@abi-omnipotent
 .align	32
 x25519_fe64_eligible:
+.cfi_startproc
 	xor	%eax,%eax
 	ret
+.cfi_endproc
 .size	x25519_fe64_eligible,.-x25519_fe64_eligible
 
 .globl	x25519_fe64_mul
@@ -887,8 +899,10 @@ x25519_fe64_mul121666:
 x25519_fe64_add:
 x25519_fe64_sub:
 x25519_fe64_tobytes:
+.cfi_startproc
 	.byte	0x0f,0x0b	# ud2
 	ret
+.cfi_endproc
 .size	x25519_fe64_mul,.-x25519_fe64_mul
 ___
 }
@@ -1114,4 +1128,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/ec/curve25519.c b/crypto/openssl/crypto/ec/curve25519.c
index c5d887ec4cd49..952da0e653853 100644
--- a/crypto/openssl/crypto/ec/curve25519.c
+++ b/crypto/openssl/crypto/ec/curve25519.c
@@ -8,7 +8,7 @@
  */
 
 #include <string.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/sha.h>
 
 #if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
diff --git a/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h b/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
index 48081c77170b0..5f6389863d151 100644
--- a/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
+++ b/crypto/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
@@ -10,10 +10,10 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_ARCH_32_ARCH_INTRINSICS_H
-# define HEADER_ARCH_32_ARCH_INTRINSICS_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
 
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 
 # define ARCH_WORD_BITS 32
 
@@ -24,4 +24,4 @@ static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
     return ((uint64_t)a) * b;
 }
 
-#endif                          /* HEADER_ARCH_32_ARCH_INTRINSICS_H */
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */
diff --git a/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h b/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h
index bbde84a038975..e1ddddaee08da 100644
--- a/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h
+++ b/crypto/openssl/crypto/ec/curve448/arch_32/f_impl.h
@@ -10,8 +10,8 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_ARCH_32_F_IMPL_H
-# define HEADER_ARCH_32_F_IMPL_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
 
 # define GF_HEADROOM 2
 # define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
@@ -57,4 +57,4 @@ void gf_weak_reduce(gf a)
     a->limb[0] = (a->limb[0] & mask) + tmp;
 }
 
-#endif                  /* HEADER_ARCH_32_F_IMPL_H */
+#endif                  /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */
diff --git a/crypto/openssl/crypto/ec/curve448/curve448.c b/crypto/openssl/crypto/ec/curve448/curve448.c
index 19bd3857812c5..12d97f06795b5 100644
--- a/crypto/openssl/crypto/ec/curve448/curve448.c
+++ b/crypto/openssl/crypto/ec/curve448/curve448.c
@@ -15,7 +15,7 @@
 
 #include "point_448.h"
 #include "ed448.h"
-#include "curve448_lcl.h"
+#include "curve448_local.h"
 
 #define COFACTOR 4
 
diff --git a/crypto/openssl/crypto/ec/curve448/curve448_lcl.h b/crypto/openssl/crypto/ec/curve448/curve448_local.h
index 2bc3bd84c86d0..b27770661f891 100644
--- a/crypto/openssl/crypto/ec/curve448/curve448_lcl.h
+++ b/crypto/openssl/crypto/ec/curve448/curve448_local.h
@@ -6,8 +6,8 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
-#ifndef HEADER_CURVE448_LCL_H
-# define HEADER_CURVE448_LCL_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H
+# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
 # include "curve448utils.h"
 
 int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
@@ -35,4 +35,4 @@ int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
 int ED448_public_from_private(uint8_t out_public_key[57],
                               const uint8_t private_key[57]);
 
-#endif              /* HEADER_CURVE448_LCL_H */
+#endif              /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
diff --git a/crypto/openssl/crypto/ec/curve448/curve448utils.h b/crypto/openssl/crypto/ec/curve448/curve448utils.h
index 9032bb4f730ad..86c258e745e4b 100644
--- a/crypto/openssl/crypto/ec/curve448/curve448utils.h
+++ b/crypto/openssl/crypto/ec/curve448/curve448utils.h
@@ -10,8 +10,8 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_CURVE448UTILS_H
-# define HEADER_CURVE448UTILS_H
+#ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H
+# define OSSL_CRYPTO_EC_CURVE448UTILS_H
 
 # include <openssl/e_os2.h>
 
diff --git a/crypto/openssl/crypto/ec/curve448/ed448.h b/crypto/openssl/crypto/ec/curve448/ed448.h
index 5fe939e8e19da..c1e5c2832f9bc 100644
--- a/crypto/openssl/crypto/ec/curve448/ed448.h
+++ b/crypto/openssl/crypto/ec/curve448/ed448.h
@@ -10,8 +10,8 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_ED448_H
-# define HEADER_ED448_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H
+# define OSSL_CRYPTO_EC_CURVE448_ED448_H
 
 # include "point_448.h"
 
@@ -192,4 +192,4 @@ c448_error_t c448_ed448_convert_private_key_to_x448(
                             uint8_t x[X448_PRIVATE_BYTES],
                             const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
 
-#endif                          /* HEADER_ED448_H */
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
diff --git a/crypto/openssl/crypto/ec/curve448/eddsa.c b/crypto/openssl/crypto/ec/curve448/eddsa.c
index b28f7dff91386..82741f543549f 100644
--- a/crypto/openssl/crypto/ec/curve448/eddsa.c
+++ b/crypto/openssl/crypto/ec/curve448/eddsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2015-2016 Cryptography Research, Inc.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -12,7 +12,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
-#include "curve448_lcl.h"
+#include "curve448_local.h"
 #include "word.h"
 #include "ed448.h"
 #include "internal/numbers.h"
@@ -50,7 +50,12 @@ static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
                                        const uint8_t *context,
                                        size_t context_len)
 {
-    const char *dom_s = "SigEd448";
+#ifdef CHARSET_EBCDIC
+    const char dom_s[] = {0x53, 0x69, 0x67, 0x45,
+                          0x64, 0x34, 0x34, 0x38, 0x00};
+#else
+    const char dom_s[] = "SigEd448";
+#endif
     uint8_t dom[2];
 
     if (context_len > UINT8_MAX)
diff --git a/crypto/openssl/crypto/ec/curve448/field.h b/crypto/openssl/crypto/ec/curve448/field.h
index d96d4c023d446..ccd04482d2053 100644
--- a/crypto/openssl/crypto/ec/curve448/field.h
+++ b/crypto/openssl/crypto/ec/curve448/field.h
@@ -10,10 +10,10 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_FIELD_H
-# define HEADER_FIELD_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H
+# define OSSL_CRYPTO_EC_CURVE448_FIELD_H
 
-# include "internal/constant_time_locl.h"
+# include "internal/constant_time.h"
 # include <string.h>
 # include <assert.h>
 # include "word.h"
@@ -165,4 +165,4 @@ static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap)
     }
 }
 
-#endif                          /* HEADER_FIELD_H */
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_FIELD_H */
diff --git a/crypto/openssl/crypto/ec/curve448/point_448.h b/crypto/openssl/crypto/ec/curve448/point_448.h
index 399f91b9a1d98..93e715fd9c8d8 100644
--- a/crypto/openssl/crypto/ec/curve448/point_448.h
+++ b/crypto/openssl/crypto/ec/curve448/point_448.h
@@ -10,8 +10,8 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_POINT_448_H
-# define HEADER_POINT_448_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H
+# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H
 
 # include "curve448utils.h"
 # include "field.h"
@@ -298,4 +298,4 @@ void curve448_scalar_destroy(curve448_scalar_t scalar);
 /* Overwrite point with zeros. */
 void curve448_point_destroy(curve448_point_t point);
 
-#endif                          /* HEADER_POINT_448_H */
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */
diff --git a/crypto/openssl/crypto/ec/curve448/word.h b/crypto/openssl/crypto/ec/curve448/word.h
index a48b9e053a5c9..237cc9b63139a 100644
--- a/crypto/openssl/crypto/ec/curve448/word.h
+++ b/crypto/openssl/crypto/ec/curve448/word.h
@@ -10,8 +10,8 @@
  * Originally written by Mike Hamburg
  */
 
-#ifndef HEADER_WORD_H
-# define HEADER_WORD_H
+#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H
+# define OSSL_CRYPTO_EC_CURVE448_WORD_H
 
 # include <string.h>
 # include <assert.h>
@@ -78,4 +78,4 @@ static ossl_inline mask_t bool_to_mask(c448_bool_t m)
     return ret;
 }
 
-#endif                          /* HEADER_WORD_H */
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_WORD_H */
diff --git a/crypto/openssl/crypto/ec/ec2_oct.c b/crypto/openssl/crypto/ec/ec2_oct.c
index ee300518d69c9..48543265eeabb 100644
--- a/crypto/openssl/crypto/ec/ec2_oct.c
+++ b/crypto/openssl/crypto/ec/ec2_oct.c
@@ -10,7 +10,7 @@
 
 #include <openssl/err.h>
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 #ifndef OPENSSL_NO_EC2M
 
diff --git a/crypto/openssl/crypto/ec/ec2_smpl.c b/crypto/openssl/crypto/ec/ec2_smpl.c
index 898e741fcb97e..84e5537a034a1 100644
--- a/crypto/openssl/crypto/ec/ec2_smpl.c
+++ b/crypto/openssl/crypto/ec/ec2_smpl.c
@@ -10,8 +10,8 @@
 
 #include <openssl/err.h>
 
-#include "internal/bn_int.h"
-#include "ec_lcl.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
 
 #ifndef OPENSSL_NO_EC2M
 
diff --git a/crypto/openssl/crypto/ec/ec_ameth.c b/crypto/openssl/crypto/ec/ec_ameth.c
index c086f47ab3ccc..2210383739218 100644
--- a/crypto/openssl/crypto/ec/ec_ameth.c
+++ b/crypto/openssl/crypto/ec/ec_ameth.c
@@ -14,9 +14,9 @@
 #include <openssl/bn.h>
 #include <openssl/cms.h>
 #include <openssl/asn1t.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "ec_lcl.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "ec_local.h"
 
 #ifndef OPENSSL_NO_CMS
 static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c
index 1ce1181fc10a2..336afc989d301 100644
--- a/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/crypto/openssl/crypto/ec/ec_asn1.c
@@ -8,7 +8,7 @@
  */
 
 #include <string.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
@@ -446,6 +446,7 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
     unsigned char *buffer = NULL;
     const EC_POINT *point = NULL;
     point_conversion_form_t form;
+    ASN1_INTEGER *orig;
 
     if (params == NULL) {
         if ((ret = ECPARAMETERS_new()) == NULL) {
@@ -496,8 +497,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
         ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
         goto err;
     }
-    ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+    ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
     if (ret->order == NULL) {
+        ret->order = orig;
         ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
@@ -505,8 +507,9 @@ ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
     /* set the cofactor (optional) */
     tmp = EC_GROUP_get0_cofactor(group);
     if (tmp != NULL) {
-        ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+        ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
         if (ret->cofactor == NULL) {
+            ret->cofactor = orig;
             ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
             goto err;
         }
@@ -846,6 +849,20 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
          * serialized using explicit parameters by default.
          */
         EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
+
+        /*
+         * If the input params do not contain the optional seed field we make
+         * sure it is not added to the returned group.
+         *
+         * The seed field is not really used inside libcrypto anyway, and
+         * adding it to parsed explicit parameter keys would alter their DER
+         * encoding output (because of the extra field) which could impact
+         * applications fingerprinting keys by their DER encoding.
+         */
+        if (params->curve->seed == NULL) {
+            if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+                goto err;
+        }
     }
 
     ok = 1;
diff --git a/crypto/openssl/crypto/ec/ec_check.c b/crypto/openssl/crypto/ec/ec_check.c
index eeb06ec1cbe30..d0706d2857e69 100644
--- a/crypto/openssl/crypto/ec/ec_check.c
+++ b/crypto/openssl/crypto/ec/ec_check.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/err.h>
 
 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
diff --git a/crypto/openssl/crypto/ec/ec_curve.c b/crypto/openssl/crypto/ec/ec_curve.c
index 477349d4413e1..8de486cbd763e 100644
--- a/crypto/openssl/crypto/ec/ec_curve.c
+++ b/crypto/openssl/crypto/ec/ec_curve.c
@@ -9,7 +9,7 @@
  */
 
 #include <string.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/opensslconf.h>
diff --git a/crypto/openssl/crypto/ec/ec_cvt.c b/crypto/openssl/crypto/ec/ec_cvt.c
index 0ec346c125ade..944e317d9d140 100644
--- a/crypto/openssl/crypto/ec/ec_cvt.c
+++ b/crypto/openssl/crypto/ec/ec_cvt.c
@@ -9,7 +9,7 @@
  */
 
 #include <openssl/err.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
                                  const BIGNUM *b, BN_CTX *ctx)
diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/openssl/crypto/ec/ec_key.c
index 9349abf03079f..08aaac5d8a6f5 100644
--- a/crypto/openssl/crypto/ec/ec_key.c
+++ b/crypto/openssl/crypto/ec/ec_key.c
@@ -10,7 +10,7 @@
 
 #include "internal/cryptlib.h"
 #include <string.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include "internal/refcount.h"
 #include <openssl/err.h>
 #include <openssl/engine.h>
diff --git a/crypto/openssl/crypto/ec/ec_kmeth.c b/crypto/openssl/crypto/ec/ec_kmeth.c
index 64a5d20872e44..53a4a9295201a 100644
--- a/crypto/openssl/crypto/ec/ec_kmeth.c
+++ b/crypto/openssl/crypto/ec/ec_kmeth.c
@@ -11,7 +11,7 @@
 #include <openssl/ec.h>
 #include <openssl/engine.h>
 #include <openssl/err.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 
 static const EC_KEY_METHOD openssl_ec_key_method = {
diff --git a/crypto/openssl/crypto/ec/ec_lib.c b/crypto/openssl/crypto/ec/ec_lib.c
index 1289c8608eddf..3554ada82797b 100644
--- a/crypto/openssl/crypto/ec/ec_lib.c
+++ b/crypto/openssl/crypto/ec/ec_lib.c
@@ -13,7 +13,7 @@
 #include <openssl/err.h>
 #include <openssl/opensslv.h>
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 /* functions for EC_GROUP objects */
 
diff --git a/crypto/openssl/crypto/ec/ec_lcl.h b/crypto/openssl/crypto/ec/ec_local.h
index fbdb04ea3a042..e656fbd5e7755 100644
--- a/crypto/openssl/crypto/ec/ec_lcl.h
+++ b/crypto/openssl/crypto/ec/ec_local.h
@@ -14,7 +14,7 @@
 #include <openssl/ec.h>
 #include <openssl/bn.h>
 #include "internal/refcount.h"
-#include "internal/ec_int.h"
+#include "crypto/ec.h"
 
 #if defined(__SUNPRO_C)
 # if __SUNPRO_C >= 0x520
diff --git a/crypto/openssl/crypto/ec/ec_mult.c b/crypto/openssl/crypto/ec/ec_mult.c
index 57bdf116f1b68..7980a6728288d 100644
--- a/crypto/openssl/crypto/ec/ec_mult.c
+++ b/crypto/openssl/crypto/ec/ec_mult.c
@@ -12,8 +12,8 @@
 #include <openssl/err.h>
 
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
-#include "ec_lcl.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
 #include "internal/refcount.h"
 
 /*
diff --git a/crypto/openssl/crypto/ec/ec_oct.c b/crypto/openssl/crypto/ec/ec_oct.c
index 522f79e67360d..7ddc86b047ca8 100644
--- a/crypto/openssl/crypto/ec/ec_oct.c
+++ b/crypto/openssl/crypto/ec/ec_oct.c
@@ -13,7 +13,7 @@
 #include <openssl/err.h>
 #include <openssl/opensslv.h>
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
                                         const BIGNUM *x, int y_bit, BN_CTX *ctx)
diff --git a/crypto/openssl/crypto/ec/ec_pmeth.c b/crypto/openssl/crypto/ec/ec_pmeth.c
index 454be16c54391..64d2cc93a6201 100644
--- a/crypto/openssl/crypto/ec/ec_pmeth.c
+++ b/crypto/openssl/crypto/ec/ec_pmeth.c
@@ -12,9 +12,9 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/ec.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /* EC pkey context structure */
 
diff --git a/crypto/openssl/crypto/ec/ec_print.c b/crypto/openssl/crypto/ec/ec_print.c
index 027a51928aab8..660fc400fb758 100644
--- a/crypto/openssl/crypto/ec/ec_print.c
+++ b/crypto/openssl/crypto/ec/ec_print.c
@@ -9,7 +9,7 @@
 
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
                           const EC_POINT *point,
@@ -39,13 +39,13 @@ EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
     EC_POINT *ret;
 
     if ((buf_len = BN_num_bytes(bn)) == 0)
-        return NULL;
+        buf_len = 1;
     if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
         ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    if (!BN_bn2bin(bn, buf)) {
+    if (!BN_bn2binpad(bn, buf, buf_len)) {
         OPENSSL_free(buf);
         return NULL;
     }
diff --git a/crypto/openssl/crypto/ec/ecdh_kdf.c b/crypto/openssl/crypto/ec/ecdh_kdf.c
index d686f9d897df1..96efac62f66f2 100644
--- a/crypto/openssl/crypto/ec/ecdh_kdf.c
+++ b/crypto/openssl/crypto/ec/ecdh_kdf.c
@@ -10,7 +10,7 @@
 #include <string.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 /* Key derivation function from X9.63/SECG */
 /* Way more than we will ever need */
diff --git a/crypto/openssl/crypto/ec/ecdh_ossl.c b/crypto/openssl/crypto/ec/ecdh_ossl.c
index ab51ee7138ff8..0be00d43da4e0 100644
--- a/crypto/openssl/crypto/ec/ecdh_ossl.c
+++ b/crypto/openssl/crypto/ec/ecdh_ossl.c
@@ -17,7 +17,7 @@
 #include <openssl/bn.h>
 #include <openssl/objects.h>
 #include <openssl/ec.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
                           const EC_POINT *pub_key, const EC_KEY *ecdh)
diff --git a/crypto/openssl/crypto/ec/ecdsa_ossl.c b/crypto/openssl/crypto/ec/ecdsa_ossl.c
index c35ed2dcd0e7d..1da87bfb5e393 100644
--- a/crypto/openssl/crypto/ec/ecdsa_ossl.c
+++ b/crypto/openssl/crypto/ec/ecdsa_ossl.c
@@ -11,8 +11,8 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
 #include <openssl/rand.h>
-#include "internal/bn_int.h"
-#include "ec_lcl.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
 
 int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
                     unsigned char *sig, unsigned int *siglen,
@@ -309,7 +309,7 @@ int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
         goto err;
     ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
  err:
-    OPENSSL_clear_free(der, derlen);
+    OPENSSL_free(der);
     ECDSA_SIG_free(s);
     return ret;
 }
diff --git a/crypto/openssl/crypto/ec/ecdsa_sign.c b/crypto/openssl/crypto/ec/ecdsa_sign.c
index aee06e991bada..dc79c8c8e3dff 100644
--- a/crypto/openssl/crypto/ec/ecdsa_sign.c
+++ b/crypto/openssl/crypto/ec/ecdsa_sign.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/ec.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/err.h>
 
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
diff --git a/crypto/openssl/crypto/ec/ecdsa_vrf.c b/crypto/openssl/crypto/ec/ecdsa_vrf.c
index f61a20063e4b5..ff597bdc143c9 100644
--- a/crypto/openssl/crypto/ec/ecdsa_vrf.c
+++ b/crypto/openssl/crypto/ec/ecdsa_vrf.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/ec.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 #include <openssl/err.h>
 
 /*-
@@ -23,7 +23,7 @@ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
     if (eckey->meth->verify_sig != NULL)
         return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
     ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
-    return 0;
+    return -1;
 }
 
 /*-
@@ -39,5 +39,5 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
         return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
                                    eckey);
     ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
-    return 0;
+    return -1;
 }
diff --git a/crypto/openssl/crypto/ec/ecp_mont.c b/crypto/openssl/crypto/ec/ecp_mont.c
index 252e66ef3791c..bdc39d5efb0ef 100644
--- a/crypto/openssl/crypto/ec/ecp_mont.c
+++ b/crypto/openssl/crypto/ec/ecp_mont.c
@@ -10,7 +10,7 @@
 
 #include <openssl/err.h>
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 const EC_METHOD *EC_GFp_mont_method(void)
 {
diff --git a/crypto/openssl/crypto/ec/ecp_nist.c b/crypto/openssl/crypto/ec/ecp_nist.c
index 5eaa99d8402b6..9fd01279a8911 100644
--- a/crypto/openssl/crypto/ec/ecp_nist.c
+++ b/crypto/openssl/crypto/ec/ecp_nist.c
@@ -12,7 +12,7 @@
 
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 const EC_METHOD *EC_GFp_nist_method(void)
 {
diff --git a/crypto/openssl/crypto/ec/ecp_nistp224.c b/crypto/openssl/crypto/ec/ecp_nistp224.c
index fbbdb9d9386cb..9a9ced8f13434 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp224.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp224.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <stdint.h>
 # include <string.h>
 # include <openssl/err.h>
-# include "ec_lcl.h"
+# include "ec_local.h"
 
 # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
@@ -907,6 +907,7 @@ static void point_add(felem x3, felem y3, felem z3,
     felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
     widefelem tmp, tmp2;
     limb z1_is_zero, z2_is_zero, x_equal, y_equal;
+    limb points_equal;
 
     if (!mixed) {
         /* ftmp2 = z2^2 */
@@ -963,15 +964,41 @@ static void point_add(felem x3, felem y3, felem z3,
     felem_reduce(ftmp, tmp);
 
     /*
-     * the formulae are incorrect if the points are equal so we check for
-     * this and do doubling if this happens
+     * The formulae are incorrect if the points are equal, in affine coordinates
+     * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+     * happens.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
      */
     x_equal = felem_is_zero(ftmp);
     y_equal = felem_is_zero(ftmp3);
+    /*
+     * The special case of either point being the point at infinity (z1 and/or
+     * z2 are zero), is handled separately later on in this function, so we
+     * avoid jumping to point_double here in those special cases.
+     */
     z1_is_zero = felem_is_zero(z1);
     z2_is_zero = felem_is_zero(z2);
-    /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */
-    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+
+    /*
+     * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this
+     * specific implementation `felem_is_zero()` returns truth as `0x1`
+     * (rather than `0xff..ff`).
+     *
+     * This implies that `~true` in this implementation becomes
+     * `0xff..fe` (rather than `0x0`): for this reason, to be used in
+     * the if expression, we mask out only the last bit in the next
+     * line.
+     */
+    points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1;
+
+    if (points_equal) {
+        /*
+         * This is obviously not constant-time but, as mentioned before, this
+         * case never happens during single point multiplication, so there is no
+         * timing leak for ECDH or ECDSA signing.
+         */
         point_double(x3, y3, z3, x1, y1, z1);
         return;
     }
diff --git a/crypto/openssl/crypto/ec/ecp_nistp256.c b/crypto/openssl/crypto/ec/ecp_nistp256.c
index 22ba69aa44bae..e23e9d2a0b348 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,7 +39,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <stdint.h>
 # include <string.h>
 # include <openssl/err.h>
-# include "ec_lcl.h"
+# include "ec_local.h"
 
 # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
@@ -74,8 +74,8 @@ static const felem_bytearray nistp256_curve_params[5] = {
     {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
-     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */
-    {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc},
+    {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */
      0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
      0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
      0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b},
@@ -1241,6 +1241,7 @@ static void point_add(felem x3, felem y3, felem z3,
     longfelem tmp, tmp2;
     smallfelem small1, small2, small3, small4, small5;
     limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+    limb points_equal;
 
     felem_shrink(small3, z1);
 
@@ -1340,7 +1341,26 @@ static void point_add(felem x3, felem y3, felem z3,
     felem_shrink(small1, ftmp5);
     y_equal = smallfelem_is_zero(small1);
 
-    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+    /*
+     * The formulae are incorrect if the points are equal, in affine coordinates
+     * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+     * happens.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
+     *
+     * The special case of either point being the point at infinity (z1 and/or
+     * z2 are zero), is handled separately later on in this function, so we
+     * avoid jumping to point_double here in those special cases.
+     */
+    points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero));
+
+    if (points_equal) {
+        /*
+         * This is obviously not constant-time but, as mentioned before, this
+         * case never happens during single point multiplication, so there is no
+         * timing leak for ECDH or ECDSA signing.
+         */
         point_double(x3, y3, z3, x1, y1, z1);
         return;
     }
diff --git a/crypto/openssl/crypto/ec/ecp_nistp521.c b/crypto/openssl/crypto/ec/ecp_nistp521.c
index 6340f48279374..75eeba853679c 100644
--- a/crypto/openssl/crypto/ec/ecp_nistp521.c
+++ b/crypto/openssl/crypto/ec/ecp_nistp521.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -38,7 +38,7 @@ NON_EMPTY_TRANSLATION_UNIT
 
 # include <string.h>
 # include <openssl/err.h>
-# include "ec_lcl.h"
+# include "ec_local.h"
 
 # if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
   /* even with gcc, the typedef won't work for 32-bit platforms */
@@ -1158,6 +1158,7 @@ static void point_add(felem x3, felem y3, felem z3,
     felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
     largefelem tmp, tmp2;
     limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+    limb points_equal;
 
     z1_is_zero = felem_is_zero(z1);
     z2_is_zero = felem_is_zero(z2);
@@ -1242,7 +1243,24 @@ static void point_add(felem x3, felem y3, felem z3,
     felem_scalar64(ftmp5, 2);
     /* ftmp5[i] < 2^61 */
 
-    if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) {
+    /*
+     * The formulae are incorrect if the points are equal, in affine coordinates
+     * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+     * happens.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
+     *
+     * The special case of either point being the point at infinity (z1 and/or
+     * z2 are zero), is handled separately later on in this function, so we
+     * avoid jumping to point_double here in those special cases.
+     *
+     * Notice the comment below on the implications of this branching for timing
+     * leaks and why it is considered practically irrelevant.
+     */
+    points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero));
+
+    if (points_equal) {
         /*
          * This is obviously not constant-time but it will almost-never happen
          * for ECDH / ECDSA. The case where it can happen is during scalar-mult
diff --git a/crypto/openssl/crypto/ec/ecp_nistputil.c b/crypto/openssl/crypto/ec/ecp_nistputil.c
index f89a2f0aacc18..60e1325c340fd 100644
--- a/crypto/openssl/crypto/ec/ecp_nistputil.c
+++ b/crypto/openssl/crypto/ec/ecp_nistputil.c
@@ -33,7 +33,7 @@ NON_EMPTY_TRANSLATION_UNIT
  */
 
 # include <stddef.h>
-# include "ec_lcl.h"
+# include "ec_local.h"
 
 /*
  * Convert an array of points into affine coordinates. (If the point at
diff --git a/crypto/openssl/crypto/ec/ecp_nistz256.c b/crypto/openssl/crypto/ec/ecp_nistz256.c
index 7ad5eb627de12..ba92681388623 100644
--- a/crypto/openssl/crypto/ec/ecp_nistz256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistz256.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
  * Copyright (c) 2015, CloudFlare, Inc.
  *
@@ -21,8 +21,8 @@
 #include <string.h>
 
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
-#include "ec_lcl.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
 #include "internal/refcount.h"
 
 #if BN_BITS2 != 64
@@ -358,16 +358,47 @@ static void ecp_nistz256_point_add(P256_POINT *r,
     ecp_nistz256_sub(H, U2, U1);                /* H = U2 - U1 */
 
     /*
-     * This should not happen during sign/ecdh, so no constant time violation
+     * The formulae are incorrect if the points are equal so we check for
+     * this and do doubling if this happens.
+     *
+     * Points here are in Jacobian projective coordinates (Xi, Yi, Zi)
+     * that are bound to the affine coordinates (xi, yi) by the following
+     * equations:
+     *     - xi = Xi / (Zi)^2
+     *     - y1 = Yi / (Zi)^3
+     *
+     * For the sake of optimization, the algorithm operates over
+     * intermediate variables U1, U2 and S1, S2 that are derived from
+     * the projective coordinates:
+     *     - U1 = X1 * (Z2)^2 ; U2 = X2 * (Z1)^2
+     *     - S1 = Y1 * (Z2)^3 ; S2 = Y2 * (Z1)^3
+     *
+     * It is easy to prove that is_equal(U1, U2) implies that the affine
+     * x-coordinates are equal, or either point is at infinity.
+     * Likewise is_equal(S1, S2) implies that the affine y-coordinates are
+     * equal, or either point is at infinity.
+     *
+     * The special case of either point being the point at infinity (Z1 or Z2
+     * is zero), is handled separately later on in this function, so we avoid
+     * jumping to point_double here in those special cases.
+     *
+     * When both points are inverse of each other, we know that the affine
+     * x-coordinates are equal, and the y-coordinates have different sign.
+     * Therefore since U1 = U2, we know H = 0, and therefore Z3 = H*Z1*Z2
+     * will equal 0, thus the result is infinity, if we simply let this
+     * function continue normally.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
      */
-    if (is_equal(U1, U2) && !in1infty && !in2infty) {
-        if (is_equal(S1, S2)) {
-            ecp_nistz256_point_double(r, a);
-            return;
-        } else {
-            memset(r, 0, sizeof(*r));
-            return;
-        }
+    if (is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) {
+        /*
+         * This is obviously not constant-time but it should never happen during
+         * single point multiplication, so there is no timing leak for ECDH or
+         * ECDSA signing.
+         */
+        ecp_nistz256_point_double(r, a);
+        return;
     }
 
     ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
diff --git a/crypto/openssl/crypto/ec/ecp_oct.c b/crypto/openssl/crypto/ec/ecp_oct.c
index 7ade1b3d21732..9460763256fdf 100644
--- a/crypto/openssl/crypto/ec/ecp_oct.c
+++ b/crypto/openssl/crypto/ec/ecp_oct.c
@@ -11,7 +11,7 @@
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
                                              EC_POINT *point,
diff --git a/crypto/openssl/crypto/ec/ecp_smpl.c b/crypto/openssl/crypto/ec/ecp_smpl.c
index e6e4c9d2cbb76..b354bfe9ce9ee 100644
--- a/crypto/openssl/crypto/ec/ecp_smpl.c
+++ b/crypto/openssl/crypto/ec/ecp_smpl.c
@@ -11,7 +11,7 @@
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
-#include "ec_lcl.h"
+#include "ec_local.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
 {
diff --git a/crypto/openssl/crypto/ec/ecx_meth.c b/crypto/openssl/crypto/ec/ecx_meth.c
index c87419b5db388..9dc5259e4afc8 100644
--- a/crypto/openssl/crypto/ec/ecx_meth.c
+++ b/crypto/openssl/crypto/ec/ecx_meth.c
@@ -12,10 +12,10 @@
 #include <openssl/x509.h>
 #include <openssl/ec.h>
 #include <openssl/rand.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "ec_lcl.h"
-#include "curve448/curve448_lcl.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "ec_local.h"
+#include "curve448/curve448_local.h"
 
 #define X25519_BITS          253
 #define X25519_SECURITY_BITS 128
@@ -191,7 +191,7 @@ static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
     }
 
     rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
-    ASN1_OCTET_STRING_free(oct);
+    ASN1_STRING_clear_free(oct);
     return rv;
 }
 
diff --git a/crypto/openssl/crypto/engine/README b/crypto/openssl/crypto/engine/README
index c7a5696ca14cd..0f8a8fbde4103 100644
--- a/crypto/openssl/crypto/engine/README
+++ b/crypto/openssl/crypto/engine/README
@@ -9,7 +9,7 @@ for masochists" document *and* a rather extensive commit log message. (I'd get
 lynched for sticking all this in CHANGES or the commit mails :-).
 
 ENGINE_TABLE underlies this restructuring, as described in the internal header
-"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+"eng_local.h", implemented in eng_table.c, and used in each of the "class" files;
 tb_rsa.c, tb_dsa.c, etc.
 
 However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
diff --git a/crypto/openssl/crypto/engine/eng_all.c b/crypto/openssl/crypto/engine/eng_all.c
index af306ccffc12a..b675ed7892e27 100644
--- a/crypto/openssl/crypto/engine/eng_all.c
+++ b/crypto/openssl/crypto/engine/eng_all.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "eng_int.h"
+#include "eng_local.h"
 
 void ENGINE_load_builtin_engines(void)
 {
diff --git a/crypto/openssl/crypto/engine/eng_cnf.c b/crypto/openssl/crypto/engine/eng_cnf.c
index 6f0a066d06d1c..df00df6acd61f 100644
--- a/crypto/openssl/crypto/engine/eng_cnf.c
+++ b/crypto/openssl/crypto/engine/eng_cnf.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 #include <openssl/conf.h>
 
 /* #define ENGINE_CONF_DEBUG */
diff --git a/crypto/openssl/crypto/engine/eng_ctrl.c b/crypto/openssl/crypto/engine/eng_ctrl.c
index 3bc4aab16feda..e65e78447b43b 100644
--- a/crypto/openssl/crypto/engine/eng_ctrl.c
+++ b/crypto/openssl/crypto/engine/eng_ctrl.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 /*
  * When querying a ENGINE-specific control command's 'description', this
diff --git a/crypto/openssl/crypto/engine/eng_devcrypto.c b/crypto/openssl/crypto/engine/eng_devcrypto.c
index a727c6f646069..49e9ce1af33b0 100644
--- a/crypto/openssl/crypto/engine/eng_devcrypto.c
+++ b/crypto/openssl/crypto/engine/eng_devcrypto.c
@@ -22,7 +22,7 @@
 #include <openssl/objects.h>
 #include <crypto/cryptodev.h>
 
-#include "internal/engine.h"
+#include "crypto/engine.h"
 
 /* #define ENGINE_DEVCRYPTO_DEBUG */
 
diff --git a/crypto/openssl/crypto/engine/eng_dyn.c b/crypto/openssl/crypto/engine/eng_dyn.c
index 843226c077db2..06e677290a700 100644
--- a/crypto/openssl/crypto/engine/eng_dyn.c
+++ b/crypto/openssl/crypto/engine/eng_dyn.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 #include "internal/dso.h"
 #include <openssl/crypto.h>
 
diff --git a/crypto/openssl/crypto/engine/eng_fat.c b/crypto/openssl/crypto/engine/eng_fat.c
index 591fddc8e4fb6..fe231a65f658b 100644
--- a/crypto/openssl/crypto/engine/eng_fat.c
+++ b/crypto/openssl/crypto/engine/eng_fat.c
@@ -8,7 +8,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 #include <openssl/conf.h>
 
 int ENGINE_set_default(ENGINE *e, unsigned int flags)
diff --git a/crypto/openssl/crypto/engine/eng_init.c b/crypto/openssl/crypto/engine/eng_init.c
index 7c235fc472a24..6c9063f8f6816 100644
--- a/crypto/openssl/crypto/engine/eng_init.c
+++ b/crypto/openssl/crypto/engine/eng_init.c
@@ -8,7 +8,7 @@
  */
 
 #include "e_os.h"
-#include "eng_int.h"
+#include "eng_local.h"
 
 /*
  * Initialise a engine type for use (or up its functional reference count if
diff --git a/crypto/openssl/crypto/engine/eng_lib.c b/crypto/openssl/crypto/engine/eng_lib.c
index d7f2026fac546..b851ff6957568 100644
--- a/crypto/openssl/crypto/engine/eng_lib.c
+++ b/crypto/openssl/crypto/engine/eng_lib.c
@@ -8,7 +8,7 @@
  */
 
 #include "e_os.h"
-#include "eng_int.h"
+#include "eng_local.h"
 #include <openssl/rand.h>
 #include "internal/refcount.h"
 
diff --git a/crypto/openssl/crypto/engine/eng_list.c b/crypto/openssl/crypto/engine/eng_list.c
index 45c339c54157a..1352fb7c961d8 100644
--- a/crypto/openssl/crypto/engine/eng_list.c
+++ b/crypto/openssl/crypto/engine/eng_list.c
@@ -8,7 +8,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 /*
  * The linked-list of pointers to engine types. engine_list_head incorporates
diff --git a/crypto/openssl/crypto/engine/eng_int.h b/crypto/openssl/crypto/engine/eng_local.h
index b95483341e200..8ef7172b9f45a 100644
--- a/crypto/openssl/crypto/engine/eng_int.h
+++ b/crypto/openssl/crypto/engine/eng_local.h
@@ -8,11 +8,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_ENGINE_INT_H
-# define HEADER_ENGINE_INT_H
+#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H
+# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H
 
 # include "internal/cryptlib.h"
-# include "internal/engine.h"
+# include "crypto/engine.h"
 # include "internal/thread_once.h"
 # include "internal/refcount.h"
 
@@ -168,4 +168,4 @@ typedef struct st_engine_pile ENGINE_PILE;
 
 DEFINE_LHASH_OF(ENGINE_PILE);
 
-#endif                          /* HEADER_ENGINE_INT_H */
+#endif                          /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */
diff --git a/crypto/openssl/crypto/engine/eng_openssl.c b/crypto/openssl/crypto/engine/eng_openssl.c
index d9b3067a13222..25631fb879eea 100644
--- a/crypto/openssl/crypto/engine/eng_openssl.c
+++ b/crypto/openssl/crypto/engine/eng_openssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -11,7 +11,7 @@
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include "internal/engine.h"
+#include "crypto/engine.h"
 #include <openssl/pem.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
@@ -167,7 +167,7 @@ static int bind_fn(ENGINE *e, const char *id)
 }
 
 IMPLEMENT_DYNAMIC_CHECK_FN()
-    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
 #endif                          /* ENGINE_DYNAMIC_SUPPORT */
 #ifdef TEST_ENG_OPENSSL_RC4
 /*-
diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/openssl/crypto/engine/eng_pkey.c
index 305a648feb6ad..e813bc6db0e6e 100644
--- a/crypto/openssl/crypto/engine/eng_pkey.c
+++ b/crypto/openssl/crypto/engine/eng_pkey.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 /* Basic get/set stuff */
 
diff --git a/crypto/openssl/crypto/engine/eng_rdrand.c b/crypto/openssl/crypto/engine/eng_rdrand.c
index 261e5debbfd73..9dceb1671099a 100644
--- a/crypto/openssl/crypto/engine/eng_rdrand.c
+++ b/crypto/openssl/crypto/engine/eng_rdrand.c
@@ -11,7 +11,7 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "internal/engine.h"
+#include "crypto/engine.h"
 #include <openssl/rand.h>
 #include <openssl/err.h>
 #include <openssl/crypto.h>
diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c
index ac4b02fc12a89..72f393dbe143e 100644
--- a/crypto/openssl/crypto/engine/eng_table.c
+++ b/crypto/openssl/crypto/engine/eng_table.c
@@ -10,7 +10,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/lhash.h>
-#include "eng_int.h"
+#include "eng_local.h"
 
 /* The type of the items in the table */
 struct st_engine_pile {
@@ -26,7 +26,7 @@ struct st_engine_pile {
     int uptodate;
 };
 
-/* The type exposed in eng_int.h */
+/* The type exposed in eng_local.h */
 struct st_engine_table {
     LHASH_OF(ENGINE_PILE) piles;
 };                              /* ENGINE_TABLE */
@@ -76,7 +76,7 @@ static int int_table_check(ENGINE_TABLE **t, int create)
 }
 
 /*
- * Privately exposed (via eng_int.h) functions for adding and/or removing
+ * Privately exposed (via eng_local.h) functions for adding and/or removing
  * ENGINEs from the implementation table
  */
 int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
diff --git a/crypto/openssl/crypto/engine/tb_asnmth.c b/crypto/openssl/crypto/engine/tb_asnmth.c
index 4bcc76136a109..72850b9398e36 100644
--- a/crypto/openssl/crypto/engine/tb_asnmth.c
+++ b/crypto/openssl/crypto/engine/tb_asnmth.c
@@ -8,9 +8,9 @@
  */
 
 #include "e_os.h"
-#include "eng_int.h"
+#include "eng_local.h"
 #include <openssl/evp.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 
 /*
  * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
@@ -147,7 +147,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
     nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
     for (i = 0; i < nidcount; i++) {
         e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
-        if (((int)strlen(ameth->pem_str) == len)
+        if (ameth != NULL
+            && ((int)strlen(ameth->pem_str) == len)
             && strncasecmp(ameth->pem_str, str, len) == 0)
             return ameth;
     }
diff --git a/crypto/openssl/crypto/engine/tb_cipher.c b/crypto/openssl/crypto/engine/tb_cipher.c
index faa967c475f5d..236da346cd4c6 100644
--- a/crypto/openssl/crypto/engine/tb_cipher.c
+++ b/crypto/openssl/crypto/engine/tb_cipher.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *cipher_table = NULL;
 
diff --git a/crypto/openssl/crypto/engine/tb_dh.c b/crypto/openssl/crypto/engine/tb_dh.c
index 785119f65af9d..a13a13950083f 100644
--- a/crypto/openssl/crypto/engine/tb_dh.c
+++ b/crypto/openssl/crypto/engine/tb_dh.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *dh_table = NULL;
 static const int dummy_nid = 1;
diff --git a/crypto/openssl/crypto/engine/tb_digest.c b/crypto/openssl/crypto/engine/tb_digest.c
index d644b1b0a825b..a6e6337a01d91 100644
--- a/crypto/openssl/crypto/engine/tb_digest.c
+++ b/crypto/openssl/crypto/engine/tb_digest.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *digest_table = NULL;
 
diff --git a/crypto/openssl/crypto/engine/tb_dsa.c b/crypto/openssl/crypto/engine/tb_dsa.c
index 65b6ea8d3a0ef..2c77f0f3e151b 100644
--- a/crypto/openssl/crypto/engine/tb_dsa.c
+++ b/crypto/openssl/crypto/engine/tb_dsa.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *dsa_table = NULL;
 static const int dummy_nid = 1;
diff --git a/crypto/openssl/crypto/engine/tb_eckey.c b/crypto/openssl/crypto/engine/tb_eckey.c
index 1e50736854107..907d55ae8c44e 100644
--- a/crypto/openssl/crypto/engine/tb_eckey.c
+++ b/crypto/openssl/crypto/engine/tb_eckey.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *dh_table = NULL;
 static const int dummy_nid = 1;
diff --git a/crypto/openssl/crypto/engine/tb_pkmeth.c b/crypto/openssl/crypto/engine/tb_pkmeth.c
index 03cd1e69dd6de..c5c001c5cbecd 100644
--- a/crypto/openssl/crypto/engine/tb_pkmeth.c
+++ b/crypto/openssl/crypto/engine/tb_pkmeth.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 #include <openssl/evp.h>
 
 static ENGINE_TABLE *pkey_meth_table = NULL;
diff --git a/crypto/openssl/crypto/engine/tb_rand.c b/crypto/openssl/crypto/engine/tb_rand.c
index 98a98073cdd0d..92f61c5a88401 100644
--- a/crypto/openssl/crypto/engine/tb_rand.c
+++ b/crypto/openssl/crypto/engine/tb_rand.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *rand_table = NULL;
 static const int dummy_nid = 1;
diff --git a/crypto/openssl/crypto/engine/tb_rsa.c b/crypto/openssl/crypto/engine/tb_rsa.c
index d8d2e34f848be..43e865e6d6d14 100644
--- a/crypto/openssl/crypto/engine/tb_rsa.c
+++ b/crypto/openssl/crypto/engine/tb_rsa.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "eng_int.h"
+#include "eng_local.h"
 
 static ENGINE_TABLE *rsa_table = NULL;
 static const int dummy_nid = 1;
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index 3a58ccb958829..1372d52f80ee4 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -10,17 +10,17 @@
 #include <stdio.h>
 #include <stdarg.h>
 #include <string.h>
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include "internal/err.h"
-#include "internal/err_int.h"
+#include "crypto/err.h"
 #include <openssl/err.h>
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/opensslconf.h>
 #include "internal/thread_once.h"
-#include "internal/ctype.h"
-#include "internal/constant_time_locl.h"
+#include "crypto/ctype.h"
+#include "internal/constant_time.h"
 #include "e_os.h"
 
 static int err_load_strings(const ERR_STRING_DATA *str);
diff --git a/crypto/openssl/crypto/err/err_all.c b/crypto/openssl/crypto/err/err_all.c
index d9ec04b60676c..7c0a5f0b9c5fb 100644
--- a/crypto/openssl/crypto/err/err_all.c
+++ b/crypto/openssl/crypto/err/err_all.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "internal/err_int.h"
+#include "crypto/err.h"
 #include <openssl/asn1err.h>
 #include <openssl/bnerr.h>
 #include <openssl/ecerr.h>
diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt
index a433b03240788..f5324c6819d8e 100644
--- a/crypto/openssl/crypto/err/openssl.txt
+++ b/crypto/openssl/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1002,6 +1002,7 @@ PKCS7_F_PKCS7_SIGNER_INFO_SIGN:139:PKCS7_SIGNER_INFO_sign
 PKCS7_F_PKCS7_SIGN_ADD_SIGNER:137:PKCS7_sign_add_signer
 PKCS7_F_PKCS7_SIMPLE_SMIMECAP:119:PKCS7_simple_smimecap
 PKCS7_F_PKCS7_VERIFY:117:PKCS7_verify
+RAND_F_DATA_COLLECT_METHOD:127:data_collect_method
 RAND_F_DRBG_BYTES:101:drbg_bytes
 RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy
 RAND_F_DRBG_SETUP:117:drbg_setup
@@ -1027,6 +1028,7 @@ RAND_F_RAND_POOL_ATTACH:124:rand_pool_attach
 RAND_F_RAND_POOL_BYTES_NEEDED:115:rand_pool_bytes_needed
 RAND_F_RAND_POOL_GROW:125:rand_pool_grow
 RAND_F_RAND_POOL_NEW:116:rand_pool_new
+RAND_F_RAND_PSEUDO_BYTES:126:RAND_pseudo_bytes
 RAND_F_RAND_WRITE_FILE:112:RAND_write_file
 RSA_F_CHECK_PADDING_MD:140:check_padding_md
 RSA_F_ENCODE_PKCS1:146:encode_pkcs1
@@ -1178,6 +1180,7 @@ SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE:431:*
 SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE:601:\
 	ossl_statem_server_post_process_message
 SSL_F_OSSL_STATEM_SERVER_POST_WORK:602:ossl_statem_server_post_work
+SSL_F_OSSL_STATEM_SERVER_PRE_WORK:640:
 SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE:603:ossl_statem_server_process_message
 SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION:418:ossl_statem_server_read_transition
 SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION:604:\
@@ -2254,6 +2257,7 @@ EVP_R_INITIALIZATION_ERROR:134:initialization error
 EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized
 EVP_R_INVALID_DIGEST:152:invalid digest
 EVP_R_INVALID_FIPS_MODE:168:invalid fips mode
+EVP_R_INVALID_IV_LENGTH:194:invalid iv length
 EVP_R_INVALID_KEY:163:invalid key
 EVP_R_INVALID_KEY_LENGTH:130:invalid key length
 EVP_R_INVALID_OPERATION:148:invalid operation
@@ -2848,6 +2852,7 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
 SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
 SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
 SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
 SSL_R_UNEXPECTED_RECORD:245:unexpected record
 SSL_R_UNINITIALIZED:276:uninitialized
diff --git a/crypto/openssl/crypto/evp/bio_md.c b/crypto/openssl/crypto/evp/bio_md.c
index 288dee01b2203..fed4cf1eb1ff5 100644
--- a/crypto/openssl/crypto/evp/bio_md.c
+++ b/crypto/openssl/crypto/evp/bio_md.c
@@ -12,8 +12,8 @@
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 #include "internal/bio.h"
 
 /*
diff --git a/crypto/openssl/crypto/evp/bio_ok.c b/crypto/openssl/crypto/evp/bio_ok.c
index 300db6cd320d1..a77cfb1552dea 100644
--- a/crypto/openssl/crypto/evp/bio_ok.c
+++ b/crypto/openssl/crypto/evp/bio_ok.c
@@ -76,7 +76,7 @@
 #include "internal/bio.h"
 #include <openssl/evp.h>
 #include <openssl/rand.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 static int ok_write(BIO *h, const char *buf, int num);
 static int ok_read(BIO *h, char *buf, int size);
diff --git a/crypto/openssl/crypto/evp/c_allc.c b/crypto/openssl/crypto/evp/c_allc.c
index 086b3c4d51b40..22fdcc409c165 100644
--- a/crypto/openssl/crypto/evp/c_allc.c
+++ b/crypto/openssl/crypto/evp/c_allc.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 #include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 
diff --git a/crypto/openssl/crypto/evp/c_alld.c b/crypto/openssl/crypto/evp/c_alld.c
index 1267531a7d23b..16ac1b67f465b 100644
--- a/crypto/openssl/crypto/evp/c_alld.c
+++ b/crypto/openssl/crypto/evp/c_alld.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 #include <openssl/pkcs12.h>
 #include <openssl/objects.h>
 
diff --git a/crypto/openssl/crypto/evp/cmeth_lib.c b/crypto/openssl/crypto/evp/cmeth_lib.c
index e2295c4dc589b..272e48249e421 100644
--- a/crypto/openssl/crypto/evp/cmeth_lib.c
+++ b/crypto/openssl/crypto/evp/cmeth_lib.c
@@ -10,8 +10,8 @@
 #include <string.h>
 
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
 {
diff --git a/crypto/openssl/crypto/evp/digest.c b/crypto/openssl/crypto/evp/digest.c
index 6693f270b6943..d1bfa274ca812 100644
--- a/crypto/openssl/crypto/evp/digest.c
+++ b/crypto/openssl/crypto/evp/digest.c
@@ -12,8 +12,8 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/engine.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
diff --git a/crypto/openssl/crypto/evp/e_aes.c b/crypto/openssl/crypto/evp/e_aes.c
index 1db346fc864bb..405ddbf9bf09e 100644
--- a/crypto/openssl/crypto/evp/e_aes.c
+++ b/crypto/openssl/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,10 +14,10 @@
 #include <string.h>
 #include <assert.h>
 #include <openssl/aes.h>
-#include "internal/evp_int.h"
-#include "modes_lcl.h"
+#include "crypto/evp.h"
+#include "modes_local.h"
 #include <openssl/rand.h>
-#include "evp_locl.h"
+#include "evp_local.h"
 
 typedef struct {
     union {
@@ -176,7 +176,7 @@ static void ctr64_inc(unsigned char *counter)
 # define HWAES_xts_decrypt aes_p8_xts_decrypt
 #endif
 
-#if     !defined(OPENSSL_NO_ASM) &&                     (  \
+#if     defined(OPENSSL_CPUID_OBJ) &&                   (  \
         ((defined(__i386)       || defined(__i386__)    || \
           defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
         defined(__x86_64)       || defined(__x86_64__)  || \
@@ -1127,7 +1127,7 @@ typedef struct {
                 } icv;
                 unsigned char k[32];
             } kmac_param;
-            /* KMAC-AES paramater block - end */
+            /* KMAC-AES parameter block - end */
 
             union {
                 unsigned long long g[2];
@@ -1414,7 +1414,7 @@ static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                                     (OPENSSL_s390xcap_P.kma[0] &	\
                                      S390X_CAPBIT(S390X_AES_256)))
 
-/* iv + padding length for iv lenghts != 12 */
+/* iv + padding length for iv lengths != 12 */
 # define S390X_gcm_ivpadlen(i)	((((i) + 15) >> 4 << 4) + 16)
 
 /*-
diff --git a/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
index 09d24dc3d02a0..27c36b46e7a4a 100644
--- a/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ b/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -17,9 +17,9 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include "modes_lcl.h"
-#include "internal/evp_int.h"
-#include "internal/constant_time_locl.h"
+#include "modes_local.h"
+#include "crypto/evp.h"
+#include "internal/constant_time.h"
 
 typedef struct {
     AES_KEY ks;
@@ -33,7 +33,7 @@ typedef struct {
 
 #define NO_PAYLOAD_LENGTH       ((size_t)-1)
 
-#if     defined(AES_ASM) &&     ( \
+#if     defined(AESNI_ASM) &&     ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
         defined(_M_AMD64)       || defined(_M_X64)      )
 
diff --git a/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
index caac0c9d3da23..cc622b6faa8c3 100644
--- a/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+++ b/crypto/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -18,9 +18,9 @@
 #include <openssl/aes.h>
 #include <openssl/sha.h>
 #include <openssl/rand.h>
-#include "modes_lcl.h"
-#include "internal/constant_time_locl.h"
-#include "internal/evp_int.h"
+#include "modes_local.h"
+#include "internal/constant_time.h"
+#include "crypto/evp.h"
 
 typedef struct {
     AES_KEY ks;
@@ -34,7 +34,7 @@ typedef struct {
 
 # define NO_PAYLOAD_LENGTH       ((size_t)-1)
 
-#if     defined(AES_ASM) &&     ( \
+#if     defined(AESNI_ASM) &&   ( \
         defined(__x86_64)       || defined(__x86_64__)  || \
         defined(_M_AMD64)       || defined(_M_X64)      )
 
@@ -947,4 +947,4 @@ const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
 {
     return NULL;
 }
-#endif
+#endif  /* AESNI_ASM */
diff --git a/crypto/openssl/crypto/evp/e_aria.c b/crypto/openssl/crypto/evp/e_aria.c
index fcaceb3bcadf8..1cc6dd91a95a9 100644
--- a/crypto/openssl/crypto/evp/e_aria.c
+++ b/crypto/openssl/crypto/evp/e_aria.c
@@ -14,10 +14,10 @@
 # include <openssl/modes.h>
 # include <openssl/rand.h>
 # include <openssl/rand_drbg.h>
-# include "internal/aria.h"
-# include "internal/evp_int.h"
-# include "modes_lcl.h"
-# include "evp_locl.h"
+# include "crypto/aria.h"
+# include "crypto/evp.h"
+# include "modes_local.h"
+# include "evp_local.h"
 
 /* ARIA subkey Structure */
 typedef struct {
@@ -695,8 +695,6 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
     if (!cctx->iv_set)
         return -1;
 
-    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
-        return -1;
     if (!out) {
         if (!in) {
             if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
@@ -711,6 +709,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         CRYPTO_ccm128_aad(ccm, in, len);
         return len;
     }
+
+    /* The tag must be set before actually decrypting data */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+
     /* If not set length yet do it */
     if (!cctx->len_set) {
         if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
diff --git a/crypto/openssl/crypto/evp/e_bf.c b/crypto/openssl/crypto/evp/e_bf.c
index dc386905c5cb2..9a065582c6c81 100644
--- a/crypto/openssl/crypto/evp/e_bf.c
+++ b/crypto/openssl/crypto/evp/e_bf.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #ifndef OPENSSL_NO_BF
 # include <openssl/evp.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/objects.h>
 # include <openssl/blowfish.h>
 
diff --git a/crypto/openssl/crypto/evp/e_camellia.c b/crypto/openssl/crypto/evp/e_camellia.c
index 2df4a6e3e011c..502d6936cc130 100644
--- a/crypto/openssl/crypto/evp/e_camellia.c
+++ b/crypto/openssl/crypto/evp/e_camellia.c
@@ -17,8 +17,8 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <string.h>
 # include <assert.h>
 # include <openssl/camellia.h>
-# include "internal/evp_int.h"
-# include "modes_lcl.h"
+# include "crypto/evp.h"
+# include "modes_local.h"
 
 static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                              const unsigned char *iv, int enc);
diff --git a/crypto/openssl/crypto/evp/e_cast.c b/crypto/openssl/crypto/evp/e_cast.c
index 259d44059b201..df9f445bd0a2f 100644
--- a/crypto/openssl/crypto/evp/e_cast.c
+++ b/crypto/openssl/crypto/evp/e_cast.c
@@ -13,7 +13,7 @@
 #ifndef OPENSSL_NO_CAST
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/cast.h>
 
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/openssl/crypto/evp/e_chacha20_poly1305.c b/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
index 435a38d3658d3..bdc406bb69dc2 100644
--- a/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
+++ b/crypto/openssl/crypto/evp/e_chacha20_poly1305.c
@@ -14,9 +14,9 @@
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "evp_locl.h"
-# include "internal/evp_int.h"
-# include "internal/chacha.h"
+# include "evp_local.h"
+# include "crypto/evp.h"
+# include "crypto/chacha.h"
 
 typedef struct {
     union {
@@ -146,7 +146,7 @@ const EVP_CIPHER *EVP_chacha20(void)
 }
 
 # ifndef OPENSSL_NO_POLY1305
-#  include "internal/poly1305.h"
+#  include "crypto/poly1305.h"
 
 typedef struct {
     EVP_CHACHA_KEY key;
diff --git a/crypto/openssl/crypto/evp/e_des.c b/crypto/openssl/crypto/evp/e_des.c
index c13fb3e25a9b2..6d6e919af6962 100644
--- a/crypto/openssl/crypto/evp/e_des.c
+++ b/crypto/openssl/crypto/evp/e_des.c
@@ -12,7 +12,7 @@
 #ifndef OPENSSL_NO_DES
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
 
diff --git a/crypto/openssl/crypto/evp/e_des3.c b/crypto/openssl/crypto/evp/e_des3.c
index 6b492ce470239..2a5597fee527e 100644
--- a/crypto/openssl/crypto/evp/e_des3.c
+++ b/crypto/openssl/crypto/evp/e_des3.c
@@ -12,10 +12,10 @@
 #ifndef OPENSSL_NO_DES
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/des.h>
 # include <openssl/rand.h>
-# include "evp_locl.h"
+# include "evp_local.h"
 
 typedef struct {
     union {
diff --git a/crypto/openssl/crypto/evp/e_idea.c b/crypto/openssl/crypto/evp/e_idea.c
index 93f6a4131fa88..1068378ddc751 100644
--- a/crypto/openssl/crypto/evp/e_idea.c
+++ b/crypto/openssl/crypto/evp/e_idea.c
@@ -13,7 +13,7 @@
 #ifndef OPENSSL_NO_IDEA
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/idea.h>
 
 /* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
diff --git a/crypto/openssl/crypto/evp/e_null.c b/crypto/openssl/crypto/evp/e_null.c
index 18a8468216a01..0725454a3a4ab 100644
--- a/crypto/openssl/crypto/evp/e_null.c
+++ b/crypto/openssl/crypto/evp/e_null.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
diff --git a/crypto/openssl/crypto/evp/e_rc2.c b/crypto/openssl/crypto/evp/e_rc2.c
index aa0d140186878..4d8a0ee4b0151 100644
--- a/crypto/openssl/crypto/evp/e_rc2.c
+++ b/crypto/openssl/crypto/evp/e_rc2.c
@@ -14,7 +14,7 @@
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/rc2.h>
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/openssl/crypto/evp/e_rc4.c b/crypto/openssl/crypto/evp/e_rc4.c
index d16abdd0d2d75..c24bc8fe5982b 100644
--- a/crypto/openssl/crypto/evp/e_rc4.c
+++ b/crypto/openssl/crypto/evp/e_rc4.c
@@ -16,7 +16,7 @@
 # include <openssl/objects.h>
 # include <openssl/rc4.h>
 
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 typedef struct {
     RC4_KEY ks;                 /* working key */
diff --git a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
index b1e8ccd6ddca8..201ce443435c7 100644
--- a/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
+++ b/crypto/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -19,7 +19,7 @@
 # include <openssl/objects.h>
 # include <openssl/rc4.h>
 # include <openssl/md5.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 typedef struct {
     RC4_KEY ks;
diff --git a/crypto/openssl/crypto/evp/e_rc5.c b/crypto/openssl/crypto/evp/e_rc5.c
index dc5589b688138..c86e87b65ab4a 100644
--- a/crypto/openssl/crypto/evp/e_rc5.c
+++ b/crypto/openssl/crypto/evp/e_rc5.c
@@ -13,9 +13,9 @@
 #ifndef OPENSSL_NO_RC5
 
 # include <openssl/evp.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/objects.h>
-# include "evp_locl.h"
+# include "evp_local.h"
 # include <openssl/rc5.h>
 
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/openssl/crypto/evp/e_seed.c b/crypto/openssl/crypto/evp/e_seed.c
index 40aec5fc6ac09..aeb2363beadea 100644
--- a/crypto/openssl/crypto/evp/e_seed.c
+++ b/crypto/openssl/crypto/evp/e_seed.c
@@ -16,7 +16,7 @@ NON_EMPTY_TRANSLATION_UNIT
 # include <string.h>
 # include <assert.h>
 # include <openssl/seed.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                          const unsigned char *iv, int enc);
diff --git a/crypto/openssl/crypto/evp/e_sm4.c b/crypto/openssl/crypto/evp/e_sm4.c
index 79deb6563646c..fce32794fc514 100644
--- a/crypto/openssl/crypto/evp/e_sm4.c
+++ b/crypto/openssl/crypto/evp/e_sm4.c
@@ -13,8 +13,8 @@
 #ifndef OPENSSL_NO_SM4
 # include <openssl/evp.h>
 # include <openssl/modes.h>
-# include "internal/sm4.h"
-# include "internal/evp_int.h"
+# include "crypto/sm4.h"
+# include "crypto/evp.h"
 
 typedef struct {
     SM4_KEY ks;
diff --git a/crypto/openssl/crypto/evp/e_xcbc_d.c b/crypto/openssl/crypto/evp/e_xcbc_d.c
index 57ce813da824f..b730775422645 100644
--- a/crypto/openssl/crypto/evp/e_xcbc_d.c
+++ b/crypto/openssl/crypto/evp/e_xcbc_d.c
@@ -14,7 +14,7 @@
 
 # include <openssl/evp.h>
 # include <openssl/objects.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/des.h>
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
diff --git a/crypto/openssl/crypto/evp/encode.c b/crypto/openssl/crypto/evp/encode.c
index da32d4fd19734..9307ff0464249 100644
--- a/crypto/openssl/crypto/evp/encode.c
+++ b/crypto/openssl/crypto/evp/encode.c
@@ -11,8 +11,8 @@
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "evp_locl.h"
-#include "internal/evp_int.h"
+#include "evp_local.h"
+#include "crypto/evp.h"
 
 static unsigned char conv_ascii2bin(unsigned char a,
                                     const unsigned char *table);
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index 05dd791b6cb07..b9b6490fe069c 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -15,8 +15,8 @@
 #include <openssl/rand.h>
 #include <openssl/rand_drbg.h>
 #include <openssl/engine.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 
 int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
 {
@@ -305,6 +305,17 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
 
     bl = ctx->cipher->block_size;
 
+    /*
+     * CCM mode needs to know about the case where inl == 0 && in == NULL - it
+     * means the plaintext/ciphertext length is 0
+     */
+    if (inl < 0
+            || (inl == 0
+                && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
+        *outl = 0;
+        return inl == 0;
+    }
+
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         /* If block size > 1 then the cipher will have to do this check */
         if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
@@ -320,10 +331,6 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
         return 1;
     }
 
-    if (inl <= 0) {
-        *outl = 0;
-        return inl == 0;
-    }
     if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
         EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
         return 0;
@@ -457,6 +464,17 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
         cmpl = (cmpl + 7) / 8;
 
+    /*
+     * CCM mode needs to know about the case where inl == 0 - it means the
+     * plaintext/ciphertext length is 0
+     */
+    if (inl < 0
+            || (inl == 0
+                && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
+        *outl = 0;
+        return inl == 0;
+    }
+
     if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
         if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
             EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
@@ -472,11 +490,6 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
         return 1;
     }
 
-    if (inl <= 0) {
-        *outl = 0;
-        return inl == 0;
-    }
-
     if (ctx->flags & EVP_CIPH_NO_PADDING)
         return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
 
diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c
index 84bd3c2dab27a..05481d827fb42 100644
--- a/crypto/openssl/crypto/evp/evp_err.c
+++ b/crypto/openssl/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -213,6 +213,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     "input not initialized"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
diff --git a/crypto/openssl/crypto/evp/evp_lib.c b/crypto/openssl/crypto/evp/evp_lib.c
index 4935c2a94a1a6..45cde0da8bfc9 100644
--- a/crypto/openssl/crypto/evp/evp_lib.c
+++ b/crypto/openssl/crypto/evp/evp_lib.c
@@ -11,8 +11,8 @@
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 {
diff --git a/crypto/openssl/crypto/evp/evp_locl.h b/crypto/openssl/crypto/evp/evp_local.h
index f1589d6828942..f1589d6828942 100644
--- a/crypto/openssl/crypto/evp/evp_locl.h
+++ b/crypto/openssl/crypto/evp/evp_local.h
diff --git a/crypto/openssl/crypto/evp/evp_pbe.c b/crypto/openssl/crypto/evp/evp_pbe.c
index 5a88817b4aa91..967203f373c9b 100644
--- a/crypto/openssl/crypto/evp/evp_pbe.c
+++ b/crypto/openssl/crypto/evp/evp_pbe.c
@@ -12,7 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
-#include "evp_locl.h"
+#include "evp_local.h"
 
 /* Password based encryption (PBE) functions */
 
diff --git a/crypto/openssl/crypto/evp/evp_pkey.c b/crypto/openssl/crypto/evp/evp_pkey.c
index e61a8761a92d2..586b74605cbd9 100644
--- a/crypto/openssl/crypto/evp/evp_pkey.c
+++ b/crypto/openssl/crypto/evp/evp_pkey.c
@@ -12,9 +12,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/rand.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "internal/x509_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "crypto/x509.h"
 
 /* Extract a private key from a PKCS8 structure */
 
diff --git a/crypto/openssl/crypto/evp/m_md2.c b/crypto/openssl/crypto/evp/m_md2.c
index c4e28ae17af23..1aec5185239dc 100644
--- a/crypto/openssl/crypto/evp/m_md2.c
+++ b/crypto/openssl/crypto/evp/m_md2.c
@@ -18,7 +18,7 @@
 # include <openssl/md2.h>
 # include <openssl/rsa.h>
 
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_md4.c b/crypto/openssl/crypto/evp/m_md4.c
index 0efc586dbaff0..45d2cafee101b 100644
--- a/crypto/openssl/crypto/evp/m_md4.c
+++ b/crypto/openssl/crypto/evp/m_md4.c
@@ -17,7 +17,7 @@
 # include <openssl/x509.h>
 # include <openssl/md4.h>
 # include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_md5.c b/crypto/openssl/crypto/evp/m_md5.c
index 3d96ae93b6c4a..d26b5a4d31dce 100644
--- a/crypto/openssl/crypto/evp/m_md5.c
+++ b/crypto/openssl/crypto/evp/m_md5.c
@@ -17,7 +17,7 @@
 # include <openssl/x509.h>
 # include <openssl/md5.h>
 # include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_md5_sha1.c b/crypto/openssl/crypto/evp/m_md5_sha1.c
index 2d98886ba0e7c..eeec2b13e9ed0 100644
--- a/crypto/openssl/crypto/evp/m_md5_sha1.c
+++ b/crypto/openssl/crypto/evp/m_md5_sha1.c
@@ -15,7 +15,7 @@
 # include <openssl/md5.h>
 # include <openssl/sha.h>
 # include "internal/cryptlib.h"
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/rsa.h>
 
 struct md5_sha1_ctx {
diff --git a/crypto/openssl/crypto/evp/m_mdc2.c b/crypto/openssl/crypto/evp/m_mdc2.c
index 1051a9070f973..fffa751efd185 100644
--- a/crypto/openssl/crypto/evp/m_mdc2.c
+++ b/crypto/openssl/crypto/evp/m_mdc2.c
@@ -17,7 +17,7 @@
 # include <openssl/x509.h>
 # include <openssl/mdc2.h>
 # include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_null.c b/crypto/openssl/crypto/evp/m_null.c
index 5dce1d510e28c..0847139df17b4 100644
--- a/crypto/openssl/crypto/evp/m_null.c
+++ b/crypto/openssl/crypto/evp/m_null.c
@@ -12,7 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_ripemd.c b/crypto/openssl/crypto/evp/m_ripemd.c
index 7ab320843cee9..d93ad24fe58a7 100644
--- a/crypto/openssl/crypto/evp/m_ripemd.c
+++ b/crypto/openssl/crypto/evp/m_ripemd.c
@@ -17,7 +17,7 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/rsa.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_sha1.c b/crypto/openssl/crypto/evp/m_sha1.c
index ac52417855b3a..22b9bbc7d861c 100644
--- a/crypto/openssl/crypto/evp/m_sha1.c
+++ b/crypto/openssl/crypto/evp/m_sha1.c
@@ -14,8 +14,8 @@
 #include <openssl/objects.h>
 #include <openssl/sha.h>
 #include <openssl/rsa.h>
-#include "internal/evp_int.h"
-#include "internal/sha.h"
+#include "crypto/evp.h"
+#include "crypto/sha.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/m_sha3.c b/crypto/openssl/crypto/evp/m_sha3.c
index 01cf57d313d08..54c592a3cce24 100644
--- a/crypto/openssl/crypto/evp/m_sha3.c
+++ b/crypto/openssl/crypto/evp/m_sha3.c
@@ -12,8 +12,8 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 
 size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
                    size_t r);
diff --git a/crypto/openssl/crypto/evp/m_sigver.c b/crypto/openssl/crypto/evp/m_sigver.c
index 94e37f02b22eb..04643acc8837e 100644
--- a/crypto/openssl/crypto/evp/m_sigver.c
+++ b/crypto/openssl/crypto/evp/m_sigver.c
@@ -12,8 +12,8 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "internal/evp_int.h"
-#include "evp_locl.h"
+#include "crypto/evp.h"
+#include "evp_local.h"
 
 static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
 {
diff --git a/crypto/openssl/crypto/evp/m_wp.c b/crypto/openssl/crypto/evp/m_wp.c
index 27e2b3c5cab8a..5ce15d2d5e57d 100644
--- a/crypto/openssl/crypto/evp/m_wp.c
+++ b/crypto/openssl/crypto/evp/m_wp.c
@@ -16,7 +16,7 @@
 # include <openssl/objects.h>
 # include <openssl/x509.h>
 # include <openssl/whrlpool.h>
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/names.c b/crypto/openssl/crypto/evp/names.c
index 077c2a6c4b9a3..90c7b73b7a496 100644
--- a/crypto/openssl/crypto/evp/names.c
+++ b/crypto/openssl/crypto/evp/names.c
@@ -10,9 +10,9 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "internal/objects.h"
+#include "crypto/objects.h"
 #include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 int EVP_add_cipher(const EVP_CIPHER *c)
 {
diff --git a/crypto/openssl/crypto/evp/p5_crpt.c b/crypto/openssl/crypto/evp/p5_crpt.c
index 7e55d0bfb8172..6c5f45f73368b 100644
--- a/crypto/openssl/crypto/evp/p5_crpt.c
+++ b/crypto/openssl/crypto/evp/p5_crpt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     EVP_MD_CTX *ctx;
     unsigned char md_tmp[EVP_MAX_MD_SIZE];
     unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-    int i;
+    int i, ivl, kl;
     PBEPARAM *pbe;
     int saltlen, iter;
     unsigned char *salt;
@@ -48,6 +48,19 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         return 0;
     }
 
+    ivl = EVP_CIPHER_iv_length(cipher);
+    if (ivl < 0 || ivl > 16) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    kl = EVP_CIPHER_key_length(cipher);
+    if (kl < 0 || kl > (int)sizeof(md_tmp)) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+
     if (!pbe->iter)
         iter = 1;
     else
@@ -73,6 +86,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     if (!EVP_DigestUpdate(ctx, salt, saltlen))
         goto err;
     PBEPARAM_free(pbe);
+    pbe = NULL;
     if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
         goto err;
     mdsize = EVP_MD_size(md);
@@ -86,11 +100,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
         if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
             goto err;
     }
-    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
-    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
-    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
-    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
-           EVP_CIPHER_iv_length(cipher));
+    memcpy(key, md_tmp, kl);
+    memcpy(iv, md_tmp + (16 - ivl), ivl);
     if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
         goto err;
     OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
@@ -98,6 +109,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
     rv = 1;
  err:
+    PBEPARAM_free(pbe);
     EVP_MD_CTX_free(ctx);
     return rv;
 }
diff --git a/crypto/openssl/crypto/evp/p5_crpt2.c b/crypto/openssl/crypto/evp/p5_crpt2.c
index e819eb9b47dcb..7f625b3d57f3f 100644
--- a/crypto/openssl/crypto/evp/p5_crpt2.c
+++ b/crypto/openssl/crypto/evp/p5_crpt2.c
@@ -13,7 +13,7 @@
 # include <openssl/x509.h>
 # include <openssl/evp.h>
 # include <openssl/hmac.h>
-# include "evp_locl.h"
+# include "evp_local.h"
 
 /* set this to print out info about the keygen algorithm */
 /* #define OPENSSL_DEBUG_PKCS5V2 */
diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c
index 3cd7ca8d54ca9..9f1a485a5b832 100644
--- a/crypto/openssl/crypto/evp/p_lib.c
+++ b/crypto/openssl/crypto/evp/p_lib.c
@@ -21,8 +21,8 @@
 #include <openssl/cmac.h>
 #include <openssl/engine.h>
 
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 
@@ -102,7 +102,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
 
 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
 {
-    if (pkey->ameth && pkey->ameth->param_missing)
+    if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing)
         return pkey->ameth->param_missing(pkey);
     return 0;
 }
@@ -465,7 +465,7 @@ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 
 RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
 {
-    if (pkey->type != EVP_PKEY_RSA) {
+    if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
         EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
         return NULL;
     }
@@ -540,7 +540,9 @@ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
 
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 {
-    int ret = EVP_PKEY_assign_DH(pkey, key);
+    int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
+    int ret = EVP_PKEY_assign(pkey, type, key);
+
     if (ret)
         DH_up_ref(key);
     return ret;
diff --git a/crypto/openssl/crypto/evp/p_sign.c b/crypto/openssl/crypto/evp/p_sign.c
index 6cb442e4f91df..0383294a87c88 100644
--- a/crypto/openssl/crypto/evp/p_sign.c
+++ b/crypto/openssl/crypto/evp/p_sign.c
@@ -12,7 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
                   unsigned int *siglen, EVP_PKEY *pkey)
diff --git a/crypto/openssl/crypto/evp/p_verify.c b/crypto/openssl/crypto/evp/p_verify.c
index 6e8c565dfd6b9..e27196f7c2e6a 100644
--- a/crypto/openssl/crypto/evp/p_verify.c
+++ b/crypto/openssl/crypto/evp/p_verify.c
@@ -12,7 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
                     unsigned int siglen, EVP_PKEY *pkey)
diff --git a/crypto/openssl/crypto/evp/pmeth_fn.c b/crypto/openssl/crypto/evp/pmeth_fn.c
index de1c07e171144..02f4093461d89 100644
--- a/crypto/openssl/crypto/evp/pmeth_fn.c
+++ b/crypto/openssl/crypto/evp/pmeth_fn.c
@@ -12,7 +12,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 #define M_check_autoarg(ctx, arg, arglen, err) \
     if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
diff --git a/crypto/openssl/crypto/evp/pmeth_gn.c b/crypto/openssl/crypto/evp/pmeth_gn.c
index e14965f333845..3ad6d5c7c7a02 100644
--- a/crypto/openssl/crypto/evp/pmeth_gn.c
+++ b/crypto/openssl/crypto/evp/pmeth_gn.c
@@ -12,9 +12,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/evp.h>
-#include "internal/bn_int.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/bn.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c
index 7fbf895e07321..603ccd835219b 100644
--- a/crypto/openssl/crypto/evp/pmeth_lib.c
+++ b/crypto/openssl/crypto/evp/pmeth_lib.c
@@ -13,8 +13,8 @@
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/x509v3.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 #include "internal/numbers.h"
 
 typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
@@ -642,6 +642,21 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
     pmeth->ctrl_str = ctrl_str;
 }
 
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen))
+{
+    pmeth->digestsign = digestsign;
+}
+
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen))
+{
+    pmeth->digestverify = digestverify;
+}
+
 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
                              int (*check) (EVP_PKEY *pkey))
 {
@@ -834,6 +849,23 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
         *pctrl_str = pmeth->ctrl_str;
 }
 
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+    int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen))
+{
+    if (digestsign)
+        *digestsign = pmeth->digestsign;
+}
+
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+    int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen, const unsigned char *tbs,
+                          size_t tbslen))
+{
+    if (digestverify)
+        *digestverify = pmeth->digestverify;
+}
+
 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
                              int (**pcheck) (EVP_PKEY *pkey))
 {
diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c
index 08dc7c40734de..22f3b70edf14e 100644
--- a/crypto/openssl/crypto/ex_data.c
+++ b/crypto/openssl/crypto/ex_data.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include "internal/thread_once.h"
 
 /*
diff --git a/crypto/openssl/crypto/hmac/hm_ameth.c b/crypto/openssl/crypto/hmac/hm_ameth.c
index fa204e9068e40..638f61b5863ae 100644
--- a/crypto/openssl/crypto/hmac/hm_ameth.c
+++ b/crypto/openssl/crypto/hmac/hm_ameth.c
@@ -10,8 +10,8 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 /*
  * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
diff --git a/crypto/openssl/crypto/hmac/hm_pmeth.c b/crypto/openssl/crypto/hmac/hm_pmeth.c
index 55dd27d63b5ce..56f98707f5399 100644
--- a/crypto/openssl/crypto/hmac/hm_pmeth.c
+++ b/crypto/openssl/crypto/hmac/hm_pmeth.c
@@ -14,7 +14,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/err.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /* HMAC pkey context structure */
 
diff --git a/crypto/openssl/crypto/hmac/hmac.c b/crypto/openssl/crypto/hmac/hmac.c
index 0c0a7133fb5aa..5e087bf92ff25 100644
--- a/crypto/openssl/crypto/hmac/hmac.c
+++ b/crypto/openssl/crypto/hmac/hmac.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,21 +13,22 @@
 #include "internal/cryptlib.h"
 #include <openssl/hmac.h>
 #include <openssl/opensslconf.h>
-#include "hmac_lcl.h"
+#include "hmac_local.h"
 
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
 {
-    int rv = 0;
-    int i, j, reset = 0;
+    int rv = 0, reset = 0;
+    int i, j;
     unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
+    unsigned int keytmp_length;
+    unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE];
 
     /* If we are changing MD then we must have a key */
     if (md != NULL && md != ctx->md && (key == NULL || len < 0))
         return 0;
 
     if (md != NULL) {
-        reset = 1;
         ctx->md = md;
     } else if (ctx->md) {
         md = ctx->md;
@@ -44,35 +45,34 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
 
     if (key != NULL) {
         reset = 1;
+
         j = EVP_MD_block_size(md);
-        if (!ossl_assert(j <= (int)sizeof(ctx->key)))
+        if (!ossl_assert(j <= (int)sizeof(keytmp)))
             return 0;
         if (j < len) {
             if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
                     || !EVP_DigestUpdate(ctx->md_ctx, key, len)
-                    || !EVP_DigestFinal_ex(ctx->md_ctx, ctx->key,
-                                           &ctx->key_length))
+                    || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp,
+                                           &keytmp_length))
                 return 0;
         } else {
-            if (len < 0 || len > (int)sizeof(ctx->key))
+            if (len < 0 || len > (int)sizeof(keytmp))
                 return 0;
-            memcpy(ctx->key, key, len);
-            ctx->key_length = len;
+            memcpy(keytmp, key, len);
+            keytmp_length = len;
         }
-        if (ctx->key_length != HMAC_MAX_MD_CBLOCK_SIZE)
-            memset(&ctx->key[ctx->key_length], 0,
-                   HMAC_MAX_MD_CBLOCK_SIZE - ctx->key_length);
-    }
+        if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE)
+            memset(&keytmp[keytmp_length], 0,
+                   HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length);
 
-    if (reset) {
         for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
-            pad[i] = 0x36 ^ ctx->key[i];
+            pad[i] = 0x36 ^ keytmp[i];
         if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
                 || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
             goto err;
 
         for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
-            pad[i] = 0x5c ^ ctx->key[i];
+            pad[i] = 0x5c ^ keytmp[i];
         if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
                 || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
             goto err;
@@ -81,8 +81,10 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
         goto err;
     rv = 1;
  err:
-    if (reset)
+    if (reset) {
+        OPENSSL_cleanse(keytmp, sizeof(keytmp));
         OPENSSL_cleanse(pad, sizeof(pad));
+    }
     return rv;
 }
 
@@ -149,8 +151,6 @@ static void hmac_ctx_cleanup(HMAC_CTX *ctx)
     EVP_MD_CTX_reset(ctx->o_ctx);
     EVP_MD_CTX_reset(ctx->md_ctx);
     ctx->md = NULL;
-    ctx->key_length = 0;
-    OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
 }
 
 void HMAC_CTX_free(HMAC_CTX *ctx)
@@ -201,8 +201,6 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
         goto err;
     if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
         goto err;
-    memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK_SIZE);
-    dctx->key_length = sctx->key_length;
     dctx->md = sctx->md;
     return 1;
  err:
diff --git a/crypto/openssl/crypto/hmac/hmac_lcl.h b/crypto/openssl/crypto/hmac/hmac_local.h
index 8fd8345694a26..8bcc55817ae58 100644
--- a/crypto/openssl/crypto/hmac/hmac_lcl.h
+++ b/crypto/openssl/crypto/hmac/hmac_local.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_HMAC_LCL_H
-# define HEADER_HMAC_LCL_H
+#ifndef OSSL_CRYPTO_HMAC_LOCAL_H
+# define OSSL_CRYPTO_HMAC_LOCAL_H
 
 /* The current largest case is for SHA3-224 */
 #define HMAC_MAX_MD_CBLOCK_SIZE     144
@@ -18,8 +18,6 @@ struct hmac_ctx_st {
     EVP_MD_CTX *md_ctx;
     EVP_MD_CTX *i_ctx;
     EVP_MD_CTX *o_ctx;
-    unsigned int key_length;
-    unsigned char key[HMAC_MAX_MD_CBLOCK_SIZE];
 };
 
 #endif
diff --git a/crypto/openssl/crypto/idea/i_cbc.c b/crypto/openssl/crypto/idea/i_cbc.c
index a70a8682a7801..4eff467111be1 100644
--- a/crypto/openssl/crypto/idea/i_cbc.c
+++ b/crypto/openssl/crypto/idea/i_cbc.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/idea.h>
-#include "idea_lcl.h"
+#include "idea_local.h"
 
 void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
                       long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
diff --git a/crypto/openssl/crypto/idea/i_cfb64.c b/crypto/openssl/crypto/idea/i_cfb64.c
index daf467eb5c26e..61c723015b990 100644
--- a/crypto/openssl/crypto/idea/i_cfb64.c
+++ b/crypto/openssl/crypto/idea/i_cfb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/idea.h>
-#include "idea_lcl.h"
+#include "idea_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/idea/i_ecb.c b/crypto/openssl/crypto/idea/i_ecb.c
index 058d0c14c005a..cb724e1a6c0b1 100644
--- a/crypto/openssl/crypto/idea/i_ecb.c
+++ b/crypto/openssl/crypto/idea/i_ecb.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/idea.h>
-#include "idea_lcl.h"
+#include "idea_local.h"
 #include <openssl/opensslv.h>
 
 const char *IDEA_options(void)
diff --git a/crypto/openssl/crypto/idea/i_ofb64.c b/crypto/openssl/crypto/idea/i_ofb64.c
index 997a7b88edf4f..f000ced58620b 100644
--- a/crypto/openssl/crypto/idea/i_ofb64.c
+++ b/crypto/openssl/crypto/idea/i_ofb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/idea.h>
-#include "idea_lcl.h"
+#include "idea_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/idea/i_skey.c b/crypto/openssl/crypto/idea/i_skey.c
index 9d9145580fcf2..230338d7e3ab6 100644
--- a/crypto/openssl/crypto/idea/i_skey.c
+++ b/crypto/openssl/crypto/idea/i_skey.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/idea.h>
-#include "idea_lcl.h"
+#include "idea_local.h"
 
 static IDEA_INT inverse(unsigned int xin);
 void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
diff --git a/crypto/openssl/crypto/idea/idea_lcl.h b/crypto/openssl/crypto/idea/idea_local.h
index 50f81dfd8dee6..50f81dfd8dee6 100644
--- a/crypto/openssl/crypto/idea/idea_lcl.h
+++ b/crypto/openssl/crypto/idea/idea_local.h
diff --git a/crypto/openssl/crypto/init.c b/crypto/openssl/crypto/init.c
index 9fc0e8ef68aad..1b0d523beae0f 100644
--- a/crypto/openssl/crypto/init.c
+++ b/crypto/openssl/crypto/init.c
@@ -8,25 +8,25 @@
  */
 
 #include "e_os.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include <openssl/err.h>
-#include "internal/rand_int.h"
+#include "crypto/rand.h"
 #include "internal/bio.h"
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 #include "internal/conf.h"
-#include "internal/async.h"
-#include "internal/engine.h"
+#include "crypto/async.h"
+#include "crypto/engine.h"
 #include "internal/comp.h"
 #include "internal/err.h"
-#include "internal/err_int.h"
-#include "internal/objects.h"
+#include "crypto/err.h"
+#include "crypto/objects.h"
 #include <stdlib.h>
 #include <assert.h>
 #include "internal/thread_once.h"
-#include "internal/dso_conf.h"
+#include "crypto/dso_conf.h"
 #include "internal/dso.h"
-#include "internal/store.h"
+#include "crypto/store.h"
 
 static int stopped = 0;
 
diff --git a/crypto/openssl/crypto/kdf/hkdf.c b/crypto/openssl/crypto/kdf/hkdf.c
index ae46fad609ac9..25bf4b729f64c 100644
--- a/crypto/openssl/crypto/kdf/hkdf.c
+++ b/crypto/openssl/crypto/kdf/hkdf.c
@@ -13,7 +13,7 @@
 #include <openssl/kdf.h>
 #include <openssl/evp.h>
 #include "internal/cryptlib.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 #define HKDF_MAXBUF 1024
 
diff --git a/crypto/openssl/crypto/kdf/scrypt.c b/crypto/openssl/crypto/kdf/scrypt.c
index 61fd390e95f07..68606ac00aed0 100644
--- a/crypto/openssl/crypto/kdf/scrypt.c
+++ b/crypto/openssl/crypto/kdf/scrypt.c
@@ -13,7 +13,7 @@
 #include <openssl/kdf.h>
 #include <openssl/evp.h>
 #include "internal/cryptlib.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 #ifndef OPENSSL_NO_SCRYPT
 
diff --git a/crypto/openssl/crypto/kdf/tls1_prf.c b/crypto/openssl/crypto/kdf/tls1_prf.c
index 49f7ecced9061..e9ca8e12780bc 100644
--- a/crypto/openssl/crypto/kdf/tls1_prf.c
+++ b/crypto/openssl/crypto/kdf/tls1_prf.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/kdf.h>
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 static int tls1_prf_alg(const EVP_MD *md,
                         const unsigned char *sec, size_t slen,
diff --git a/crypto/openssl/crypto/lhash/lh_stats.c b/crypto/openssl/crypto/lhash/lh_stats.c
index 65b91e1ef415e..45f1b105554f1 100644
--- a/crypto/openssl/crypto/lhash/lh_stats.c
+++ b/crypto/openssl/crypto/lhash/lh_stats.c
@@ -18,7 +18,7 @@
 
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
-#include "lhash_lcl.h"
+#include "lhash_local.h"
 
 # ifndef OPENSSL_NO_STDIO
 void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c
index 485d4c3ffff45..9dc887d91e4b2 100644
--- a/crypto/openssl/crypto/lhash/lhash.c
+++ b/crypto/openssl/crypto/lhash/lhash.c
@@ -13,9 +13,9 @@
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 #include <openssl/err.h>
-#include "internal/ctype.h"
-#include "internal/lhash.h"
-#include "lhash_lcl.h"
+#include "crypto/ctype.h"
+#include "crypto/lhash.h"
+#include "lhash_local.h"
 
 /*
  * A hashing implementation that appears to be based on the linear hashing
diff --git a/crypto/openssl/crypto/lhash/lhash_lcl.h b/crypto/openssl/crypto/lhash/lhash_local.h
index 678224acd5d5e..678224acd5d5e 100644
--- a/crypto/openssl/crypto/lhash/lhash_lcl.h
+++ b/crypto/openssl/crypto/lhash/lhash_local.h
diff --git a/crypto/openssl/crypto/md4/md4_dgst.c b/crypto/openssl/crypto/md4/md4_dgst.c
index 5319618615e3d..29b6b252bae3f 100644
--- a/crypto/openssl/crypto/md4/md4_dgst.c
+++ b/crypto/openssl/crypto/md4/md4_dgst.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <openssl/opensslv.h>
-#include "md4_locl.h"
+#include "md4_local.h"
 
 /*
  * Implemented from RFC1186 The MD4 Message-Digest Algorithm
@@ -39,7 +39,7 @@ void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
     const unsigned char *data = data_;
     register unsigned MD32_REG_T A, B, C, D, l;
 # ifndef MD32_XARRAY
-    /* See comment in crypto/sha/sha_locl.h for details. */
+    /* See comment in crypto/sha/sha_local.h for details. */
     unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
         XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
 #  define X(i)   XX##i
diff --git a/crypto/openssl/crypto/md4/md4_locl.h b/crypto/openssl/crypto/md4/md4_local.h
index a6c4003fdbc29..5f05720e97691 100644
--- a/crypto/openssl/crypto/md4/md4_locl.h
+++ b/crypto/openssl/crypto/md4/md4_local.h
@@ -31,7 +31,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md4_block_data_order
 
-#include "internal/md32_common.h"
+#include "crypto/md32_common.h"
 
 /*-
 #define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
@@ -53,7 +53,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
 
 #define R1(a,b,c,d,k,s,t) { \
         a+=((k)+(t)+G((b),(c),(d))); \
-        a=ROTATE(a,s); };\
+        a=ROTATE(a,s); };
 
 #define R2(a,b,c,d,k,s,t) { \
         a+=((k)+(t)+H((b),(c),(d))); \
diff --git a/crypto/openssl/crypto/md5/asm/md5-586.pl b/crypto/openssl/crypto/md5/asm/md5-586.pl
index 15e14864d1950..7986a2413da23 100644
--- a/crypto/openssl/crypto/md5/asm/md5-586.pl
+++ b/crypto/openssl/crypto/md5/asm/md5-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -43,7 +43,7 @@ $X="esi";
 &md5_block("md5_block_asm_data_order");
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub Np
 	{
diff --git a/crypto/openssl/crypto/md5/asm/md5-sparcv9.pl b/crypto/openssl/crypto/md5/asm/md5-sparcv9.pl
index 6a62c62531899..3595e3d32fc93 100755
--- a/crypto/openssl/crypto/md5/asm/md5-sparcv9.pl
+++ b/crypto/openssl/crypto/md5/asm/md5-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -434,4 +434,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl b/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
index 386d8048ec02b..c6a172d448c63 100755
--- a/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
+++ b/crypto/openssl/crypto/md5/asm/md5-x86_64.pl
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # Author: Marc Bevand <bevand_m (at) epita.fr>
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -390,4 +390,4 @@ ___
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/md5/md5_dgst.c b/crypto/openssl/crypto/md5/md5_dgst.c
index fbede6742af6a..d84cba37ae984 100644
--- a/crypto/openssl/crypto/md5/md5_dgst.c
+++ b/crypto/openssl/crypto/md5/md5_dgst.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "md5_locl.h"
+#include "md5_local.h"
 #include <openssl/opensslv.h>
 
 /*
@@ -39,7 +39,7 @@ void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
     const unsigned char *data = data_;
     register unsigned MD32_REG_T A, B, C, D, l;
 # ifndef MD32_XARRAY
-    /* See comment in crypto/sha/sha_locl.h for details. */
+    /* See comment in crypto/sha/sha_local.h for details. */
     unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
         XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
 #  define X(i)   XX##i
diff --git a/crypto/openssl/crypto/md5/md5_locl.h b/crypto/openssl/crypto/md5/md5_local.h
index 4eb7e50ef4d0f..b0087bea81c4b 100644
--- a/crypto/openssl/crypto/md5/md5_locl.h
+++ b/crypto/openssl/crypto/md5/md5_local.h
@@ -42,7 +42,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
 
-#include "internal/md32_common.h"
+#include "crypto/md32_common.h"
 
 /*-
 #define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
@@ -62,7 +62,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
 #define R0(a,b,c,d,k,s,t) { \
         a+=((k)+(t)+F((b),(c),(d))); \
         a=ROTATE(a,s); \
-        a+=b; };\
+        a+=b; };
 
 #define R1(a,b,c,d,k,s,t) { \
         a+=((k)+(t)+G((b),(c),(d))); \
diff --git a/crypto/openssl/crypto/mem.c b/crypto/openssl/crypto/mem.c
index 780053ffeff1e..2b39ca3a10498 100644
--- a/crypto/openssl/crypto/mem.c
+++ b/crypto/openssl/crypto/mem.c
@@ -9,7 +9,7 @@
 
 #include "e_os.h"
 #include "internal/cryptlib.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/cryptlib.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <limits.h>
diff --git a/crypto/openssl/crypto/mips_arch.h b/crypto/openssl/crypto/mips_arch.h
index e18ac07210c54..4ae1a1a9339e3 100644
--- a/crypto/openssl/crypto/mips_arch.h
+++ b/crypto/openssl/crypto/mips_arch.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef __MIPS_ARCH_H__
-# define __MIPS_ARCH_H__
+#ifndef OSSL_CRYPTO_MIPS_ARCH_H
+# define OSSL_CRYPTO_MIPS_ARCH_H
 
 # if (defined(__mips_smartmips) || defined(_MIPS_ARCH_MIPS32R3) || \
       defined(_MIPS_ARCH_MIPS32R5) || defined(_MIPS_ARCH_MIPS32R6)) \
diff --git a/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
index b42016101ebc6..959efedb0de71 100755
--- a/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
+++ b/crypto/openssl/crypto/modes/asm/aesni-gcm-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -90,6 +90,7 @@ $code=<<___;
 .type	_aesni_ctr32_ghash_6x,\@abi-omnipotent
 .align	32
 _aesni_ctr32_ghash_6x:
+.cfi_startproc
 	vmovdqu		0x20($const),$T2	# borrow $T2, .Lone_msb
 	sub		\$6,$len
 	vpxor		$Z0,$Z0,$Z0		# $Z0   = 0
@@ -397,6 +398,7 @@ _aesni_ctr32_ghash_6x:
 	vpxor		$Z0,$Xi,$Xi		# modulo-scheduled
 
 	ret
+.cfi_endproc
 .size	_aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x
 ___
 ######################################################################
@@ -543,6 +545,7 @@ $code.=<<___;
 .type	_aesni_ctr32_6x,\@abi-omnipotent
 .align	32
 _aesni_ctr32_6x:
+.cfi_startproc
 	vmovdqu		0x00-0x80($key),$Z0	# borrow $Z0 for $rndkey
 	vmovdqu		0x20($const),$T2	# borrow $T2, .Lone_msb
 	lea		-1($rounds),%r13
@@ -629,6 +632,7 @@ _aesni_ctr32_6x:
 	vpshufb		$Ii,$T1,$T1		# next counter value
 	vpxor		$Z0,$inout5,$inout5
 	jmp	.Loop_ctr32
+.cfi_endproc
 .size	_aesni_ctr32_6x,.-_aesni_ctr32_6x
 
 .globl	aesni_gcm_encrypt
@@ -1079,15 +1083,19 @@ $code=<<___;	# assembler is too old
 .globl	aesni_gcm_encrypt
 .type	aesni_gcm_encrypt,\@abi-omnipotent
 aesni_gcm_encrypt:
+.cfi_startproc
 	xor	%eax,%eax
 	ret
+.cfi_endproc
 .size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
 
 .globl	aesni_gcm_decrypt
 .type	aesni_gcm_decrypt,\@abi-omnipotent
 aesni_gcm_decrypt:
+.cfi_startproc
 	xor	%eax,%eax
 	ret
+.cfi_endproc
 .size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
 ___
 }}}
@@ -1096,4 +1104,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghash-armv4.pl b/crypto/openssl/crypto/modes/asm/ghash-armv4.pl
index dcc23f7d7dbe4..d84ac6f2bf438 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-armv4.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -548,4 +548,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/modes/asm/ghash-c64xplus.pl b/crypto/openssl/crypto/modes/asm/ghash-c64xplus.pl
index 3cadda39945cf..5826dcbdfe645 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-c64xplus.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -244,4 +244,4 @@ $code.=<<___;
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghash-ia64.pl b/crypto/openssl/crypto/modes/asm/ghash-ia64.pl
index eb9ded91e5b65..6e29f995fa85f 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-ia64.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-ia64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -467,4 +467,4 @@ $code =~ s/mux1(\s+)\S+\@rev/nop.i$1 0x0/gm      if ($big_endian);
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghash-parisc.pl b/crypto/openssl/crypto/modes/asm/ghash-parisc.pl
index a614c99c22ce2..d798b7abf4902 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-parisc.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -745,4 +745,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghash-s390x.pl b/crypto/openssl/crypto/modes/asm/ghash-s390x.pl
index 17dc375053c5c..2f3ca295bdcae 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-s390x.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -259,4 +259,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghash-sparcv9.pl b/crypto/openssl/crypto/modes/asm/ghash-sparcv9.pl
index c4eb3b1f02060..ccebc74b4e975 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-sparcv9.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -578,4 +578,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghash-x86.pl b/crypto/openssl/crypto/modes/asm/ghash-x86.pl
index bcbe6e399d13e..4183d99b68b11 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-x86.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1378,7 +1378,7 @@ my ($Xhi,$Xi)=@_;
 &asciz("GHASH for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 # A question was risen about choice of vanilla MMX. Or rather why wasn't
 # SSE2 chosen instead? In addition to the fact that MMX runs on legacy
diff --git a/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl b/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
index 6b2a51ecd77e2..0a0bfd575ceeb 100755
--- a/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
+++ b/crypto/openssl/crypto/modes/asm/ghash-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -116,7 +116,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -1815,4 +1815,4 @@ $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/modes/asm/ghashp8-ppc.pl b/crypto/openssl/crypto/modes/asm/ghashp8-ppc.pl
index 6a2ac712950b4..447472cb45929 100755
--- a/crypto/openssl/crypto/modes/asm/ghashp8-ppc.pl
+++ b/crypto/openssl/crypto/modes/asm/ghashp8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -668,4 +668,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl b/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl
index d7fa510afd3a6..2072e49bdeea9 100755
--- a/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl
+++ b/crypto/openssl/crypto/modes/asm/ghashv8-armx.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -778,4 +778,4 @@ if ($flavour =~ /64/) {			######## 64-bit code
     }
 }
 
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/modes/cbc128.c b/crypto/openssl/crypto/modes/cbc128.c
index 4ce5eb2ae3418..fc7e0b60510b0 100644
--- a/crypto/openssl/crypto/modes/cbc128.c
+++ b/crypto/openssl/crypto/modes/cbc128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 #if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
diff --git a/crypto/openssl/crypto/modes/ccm128.c b/crypto/openssl/crypto/modes/ccm128.c
index 05a33239f56e2..424722811c16c 100644
--- a/crypto/openssl/crypto/modes/ccm128.c
+++ b/crypto/openssl/crypto/modes/ccm128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 /*
diff --git a/crypto/openssl/crypto/modes/cfb128.c b/crypto/openssl/crypto/modes/cfb128.c
index e439567fe59f3..b6bec414a966f 100644
--- a/crypto/openssl/crypto/modes/cfb128.c
+++ b/crypto/openssl/crypto/modes/cfb128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 /*
diff --git a/crypto/openssl/crypto/modes/ctr128.c b/crypto/openssl/crypto/modes/ctr128.c
index 03920b447333e..ae35116e95241 100644
--- a/crypto/openssl/crypto/modes/ctr128.c
+++ b/crypto/openssl/crypto/modes/ctr128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 /*
diff --git a/crypto/openssl/crypto/modes/cts128.c b/crypto/openssl/crypto/modes/cts128.c
index 93826a1e2f06c..9052e857764fe 100644
--- a/crypto/openssl/crypto/modes/cts128.c
+++ b/crypto/openssl/crypto/modes/cts128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 /*
diff --git a/crypto/openssl/crypto/modes/gcm128.c b/crypto/openssl/crypto/modes/gcm128.c
index 15f76e3e86bc7..48775e6d05ffb 100644
--- a/crypto/openssl/crypto/modes/gcm128.c
+++ b/crypto/openssl/crypto/modes/gcm128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 #if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
diff --git a/crypto/openssl/crypto/modes/modes_lcl.h b/crypto/openssl/crypto/modes/modes_local.h
index f2ae01d11afd2..f2ae01d11afd2 100644
--- a/crypto/openssl/crypto/modes/modes_lcl.h
+++ b/crypto/openssl/crypto/modes/modes_local.h
diff --git a/crypto/openssl/crypto/modes/ocb128.c b/crypto/openssl/crypto/modes/ocb128.c
index 713b9aaf19d5f..b39a55a1a1459 100644
--- a/crypto/openssl/crypto/modes/ocb128.c
+++ b/crypto/openssl/crypto/modes/ocb128.c
@@ -10,7 +10,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 
 #ifndef OPENSSL_NO_OCB
 
diff --git a/crypto/openssl/crypto/modes/ofb128.c b/crypto/openssl/crypto/modes/ofb128.c
index 83092564c6b6c..44bdf888db1a1 100644
--- a/crypto/openssl/crypto/modes/ofb128.c
+++ b/crypto/openssl/crypto/modes/ofb128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 /*
diff --git a/crypto/openssl/crypto/modes/xts128.c b/crypto/openssl/crypto/modes/xts128.c
index 81b1eacd59200..b5bda5e6402d9 100644
--- a/crypto/openssl/crypto/modes/xts128.c
+++ b/crypto/openssl/crypto/modes/xts128.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "modes_lcl.h"
+#include "modes_local.h"
 #include <string.h>
 
 int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
diff --git a/crypto/openssl/crypto/objects/o_names.c b/crypto/openssl/crypto/objects/o_names.c
index c4355370cb154..979d83577c22a 100644
--- a/crypto/openssl/crypto/objects/o_names.c
+++ b/crypto/openssl/crypto/objects/o_names.c
@@ -17,8 +17,8 @@
 #include <openssl/safestack.h>
 #include <openssl/e_os2.h>
 #include "internal/thread_once.h"
-#include "internal/lhash.h"
-#include "obj_lcl.h"
+#include "crypto/lhash.h"
+#include "obj_local.h"
 #include "e_os.h"
 
 /*
diff --git a/crypto/openssl/crypto/objects/obj_dat.c b/crypto/openssl/crypto/objects/obj_dat.c
index ef2d1e0ddaf2c..46006fe6cf9c4 100644
--- a/crypto/openssl/crypto/objects/obj_dat.c
+++ b/crypto/openssl/crypto/objects/obj_dat.c
@@ -8,15 +8,15 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <limits.h>
 #include "internal/cryptlib.h"
 #include <openssl/lhash.h>
 #include <openssl/asn1.h>
-#include "internal/objects.h"
+#include "crypto/objects.h"
 #include <openssl/bn.h>
-#include "internal/asn1_int.h"
-#include "obj_lcl.h"
+#include "crypto/asn1.h"
+#include "obj_local.h"
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #include "obj_dat.h"
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h
index ea91db660b655..d1b1bc7faf914 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -1728,8 +1728,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"ITU-T", "itu-t", NID_itu_t},
     {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
     {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]},
-    {"msSmartcardLogin", "Microsoft Smartcardlogin", NID_ms_smartcard_login, 10, &so[4440]},
-    {"msUPN", "Microsoft Universal Principal Name", NID_ms_upn, 10, &so[4450]},
+    {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]},
+    {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]},
     {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
     {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
     {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
@@ -3578,9 +3578,9 @@ static const unsigned int ln_objs[NUM_LN] = {
      134,    /* "Microsoft Individual Code Signing" */
      856,    /* "Microsoft Local Key set" */
      137,    /* "Microsoft Server Gated Crypto" */
-     648,    /* "Microsoft Smartcardlogin" */
+     648,    /* "Microsoft Smartcard Login" */
      136,    /* "Microsoft Trust List Signing" */
-     649,    /* "Microsoft Universal Principal Name" */
+     649,    /* "Microsoft User Principal Name" */
      393,    /* "NULL" */
      404,    /* "NULL" */
       72,    /* "Netscape Base Url" */
diff --git a/crypto/openssl/crypto/objects/obj_lib.c b/crypto/openssl/crypto/objects/obj_lib.c
index acbdeec2c9806..456a1598cec5d 100644
--- a/crypto/openssl/crypto/objects/obj_lib.c
+++ b/crypto/openssl/crypto/objects/obj_lib.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 {
diff --git a/crypto/openssl/crypto/objects/obj_lcl.h b/crypto/openssl/crypto/objects/obj_local.h
index a417f7c46ef6f..a417f7c46ef6f 100644
--- a/crypto/openssl/crypto/objects/obj_lcl.h
+++ b/crypto/openssl/crypto/objects/obj_local.h
diff --git a/crypto/openssl/crypto/objects/obj_xref.h b/crypto/openssl/crypto/objects/obj_xref.h
index 9144d569dcd04..1ca04bbff19fa 100644
--- a/crypto/openssl/crypto/objects/obj_xref.h
+++ b/crypto/openssl/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/objects/objects.txt b/crypto/openssl/crypto/objects/objects.txt
index 5b2bb54eb929e..c49d4c568b59e 100644
--- a/crypto/openssl/crypto/objects/objects.txt
+++ b/crypto/openssl/crypto/objects/objects.txt
@@ -426,9 +426,9 @@ rsadsi 3 8		: RC5-CBC		: rc5-cbc
 !Cname ms-efs
 1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
 !Cname ms-smartcard-login
-1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
+1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcard Login
 !Cname ms-upn
-1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft User Principal Name
 
 1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
 			: IDEA-ECB		: idea-ecb
diff --git a/crypto/openssl/crypto/ocsp/ocsp_asn.c b/crypto/openssl/crypto/ocsp/ocsp_asn.c
index 1e0b82797bdca..a869e32bc8b35 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_asn.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_asn.c
@@ -10,7 +10,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
         ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
diff --git a/crypto/openssl/crypto/ocsp/ocsp_cl.c b/crypto/openssl/crypto/ocsp/ocsp_cl.c
index 739ac01807a07..55ffd45c6ec03 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_cl.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_cl.c
@@ -16,7 +16,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 
 /*
  * Utility functions related to sending OCSP requests and extracting relevant
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ext.c b/crypto/openssl/crypto/ocsp/ocsp_ext.c
index 3ab5308a12bb1..f6c387ffb7d7c 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_ext.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_ext.c
@@ -12,7 +12,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
 
diff --git a/crypto/openssl/crypto/ocsp/ocsp_ht.c b/crypto/openssl/crypto/ocsp/ocsp_ht.c
index 42c3686431353..ba408bc86f988 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_ht.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_ht.c
@@ -10,7 +10,7 @@
 #include "e_os.h"
 #include <stdio.h>
 #include <stdlib.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/ocsp.h>
diff --git a/crypto/openssl/crypto/ocsp/ocsp_lib.c b/crypto/openssl/crypto/ocsp/ocsp_lib.c
index b8b91cc9eb3f0..37ac6c03fd044 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_lib.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_lib.c
@@ -14,7 +14,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 #include <openssl/asn1t.h>
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
diff --git a/crypto/openssl/crypto/ocsp/ocsp_lcl.h b/crypto/openssl/crypto/ocsp/ocsp_local.h
index 36646fdfc97a7..36646fdfc97a7 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_lcl.h
+++ b/crypto/openssl/crypto/ocsp/ocsp_local.h
diff --git a/crypto/openssl/crypto/ocsp/ocsp_prn.c b/crypto/openssl/crypto/ocsp/ocsp_prn.c
index 5605812ef74b3..1965f2a183b32 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_prn.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_prn.c
@@ -10,7 +10,7 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/pem.h>
 
diff --git a/crypto/openssl/crypto/ocsp/ocsp_srv.c b/crypto/openssl/crypto/ocsp/ocsp_srv.c
index 6bd6f7b6d8928..e35fc52fd9440 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_srv.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_srv.c
@@ -14,7 +14,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 
 /*
  * Utility functions related to sending OCSP responses and extracting
diff --git a/crypto/openssl/crypto/ocsp/ocsp_vfy.c b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
index 9a8d343866217..e87b71c0c7916 100644
--- a/crypto/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/openssl/crypto/ocsp/ocsp_vfy.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/ocsp.h>
-#include "ocsp_lcl.h"
+#include "ocsp_local.h"
 #include <openssl/err.h>
 #include <string.h>
 
diff --git a/crypto/openssl/crypto/ocsp/v3_ocsp.c b/crypto/openssl/crypto/ocsp/v3_ocsp.c
index 2d425a8951d69..a174ce15a60d5 100644
--- a/crypto/openssl/crypto/ocsp/v3_ocsp.c
+++ b/crypto/openssl/crypto/ocsp/v3_ocsp.c
@@ -12,7 +12,7 @@
 # include <openssl/conf.h>
 # include <openssl/asn1.h>
 # include <openssl/ocsp.h>
-# include "ocsp_lcl.h"
+# include "ocsp_local.h"
 # include <openssl/x509v3.h>
 # include "../x509v3/ext_dat.h"
 
diff --git a/crypto/openssl/crypto/pariscid.pl b/crypto/openssl/crypto/pariscid.pl
index 5a231c49f02a0..f4d364754a1f8 100755
--- a/crypto/openssl/crypto/pariscid.pl
+++ b/crypto/openssl/crypto/pariscid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -272,5 +272,5 @@ foreach(split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
diff --git a/crypto/openssl/crypto/pem/pem_all.c b/crypto/openssl/crypto/pem/pem_all.c
index 0e71813113403..9d57ee7cc2e5a 100644
--- a/crypto/openssl/crypto/pem/pem_all.c
+++ b/crypto/openssl/crypto/pem/pem_all.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -84,9 +84,8 @@ IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
 
 
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
-                       RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA,
-                                                      PEM_STRING_PUBLIC,
-                                                      RSA_PUBKEY)
+                       RSAPublicKey)
+IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 #endif
 #ifndef OPENSSL_NO_DSA
 static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
@@ -115,7 +114,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
 
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
                              DSAPrivateKey)
-    IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 # ifndef OPENSSL_NO_STDIO
 DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
 {
@@ -176,6 +175,6 @@ EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
 #ifndef OPENSSL_NO_DH
 
 IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
-    IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
+IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
 #endif
 IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/crypto/openssl/crypto/pem/pem_lib.c b/crypto/openssl/crypto/pem/pem_lib.c
index 4bb86463fae5f..64baf7108ea4f 100644
--- a/crypto/openssl/crypto/pem/pem_lib.c
+++ b/crypto/openssl/crypto/pem/pem_lib.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <string.h>
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
@@ -18,7 +18,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 #include <openssl/des.h>
 #include <openssl/engine.h>
 
diff --git a/crypto/openssl/crypto/pem/pem_pkey.c b/crypto/openssl/crypto/pem/pem_pkey.c
index aa032d2b1cac2..e58cdf4a3e0bf 100644
--- a/crypto/openssl/crypto/pem/pem_pkey.c
+++ b/crypto/openssl/crypto/pem/pem_pkey.c
@@ -17,8 +17,8 @@
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <openssl/dh.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 int pem_check_suffix(const char *pem_str, const char *suffix);
 
diff --git a/crypto/openssl/crypto/pem/pvkfmt.c b/crypto/openssl/crypto/pem/pvkfmt.c
index 2bbee4a306e4f..1fc19c17f913e 100644
--- a/crypto/openssl/crypto/pem/pvkfmt.c
+++ b/crypto/openssl/crypto/pem/pvkfmt.c
@@ -844,9 +844,9 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
         if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
             goto error;
         OPENSSL_cleanse(keybuf, 20);
-        if (!EVP_DecryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
+        if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
             goto error;
-        if (!EVP_DecryptFinal_ex(cctx, p + enctmplen, &enctmplen))
+        if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))
             goto error;
     }
 
diff --git a/crypto/openssl/crypto/perlasm/README b/crypto/openssl/crypto/perlasm/README
index 3177c37165425..59f2c95515fec 100644
--- a/crypto/openssl/crypto/perlasm/README
+++ b/crypto/openssl/crypto/perlasm/README
@@ -35,7 +35,7 @@ Functions of interest are:
 &function_begin_B(name,extra)	Same as normal function_begin but no pushing.
 &function_end(name)		Call at end of function.
 &function_end_A(name)		Standard pop and ret, for use inside functions
-&function_end_B(name)		Call at end but with poping or 'ret'.
+&function_end_B(name)		Call at end but with pop or ret.
 &swtmp(num)			Address on stack temp word.
 &wparam(num)			Parameter number num, that was push
 				in C convention.  This all works over pushes
diff --git a/crypto/openssl/crypto/perlasm/arm-xlate.pl b/crypto/openssl/crypto/perlasm/arm-xlate.pl
index ca2f8b990b972..48819be54052d 100755
--- a/crypto/openssl/crypto/perlasm/arm-xlate.pl
+++ b/crypto/openssl/crypto/perlasm/arm-xlate.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -174,4 +174,4 @@ while(my $line=<>) {
     print "\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/perlasm/ppc-xlate.pl b/crypto/openssl/crypto/perlasm/ppc-xlate.pl
index d220c6245b563..08668b295bf6d 100755
--- a/crypto/openssl/crypto/perlasm/ppc-xlate.pl
+++ b/crypto/openssl/crypto/perlasm/ppc-xlate.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -341,4 +341,4 @@ while($line=<>) {
     print "\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl b/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
index 29a0eacfd532a..59af6df9c200d 100755
--- a/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/openssl/crypto/perlasm/x86_64-xlate.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1216,7 +1216,7 @@ while(defined(my $line=<>)) {
 print "\n$current_segment\tENDS\n"	if ($current_segment && $masm);
 print "END\n"				if ($masm);
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 #################################################
 # Cross-reference x86_64 ABI "card"
diff --git a/crypto/openssl/crypto/pkcs12/p12_add.c b/crypto/openssl/crypto/pkcs12/p12_add.c
index 193ed8097dc3f..af184c86af5db 100644
--- a/crypto/openssl/crypto/pkcs12/p12_add.c
+++ b/crypto/openssl/crypto/pkcs12/p12_add.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 /* Pack an object into an OCTET STRING and turn into a safebag */
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_asn.c b/crypto/openssl/crypto/pkcs12/p12_asn.c
index 422dfc398fabc..88f145890cf6e 100644
--- a/crypto/openssl/crypto/pkcs12/p12_asn.c
+++ b/crypto/openssl/crypto/pkcs12/p12_asn.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 /* PKCS#12 ASN1 module */
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_attr.c b/crypto/openssl/crypto/pkcs12/p12_attr.c
index c324f50514698..a958fdf3465e6 100644
--- a/crypto/openssl/crypto/pkcs12/p12_attr.c
+++ b/crypto/openssl/crypto/pkcs12/p12_attr.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 /* Add a local keyid to a safebag */
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_crt.c b/crypto/openssl/crypto/pkcs12/p12_crt.c
index 10cf8dd589d9d..d43dc3b30cf3a 100644
--- a/crypto/openssl/crypto/pkcs12/p12_crt.c
+++ b/crypto/openssl/crypto/pkcs12/p12_crt.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
                           PKCS12_SAFEBAG *bag);
diff --git a/crypto/openssl/crypto/pkcs12/p12_init.c b/crypto/openssl/crypto/pkcs12/p12_init.c
index 88db0f2dc4f9f..7ecc29ec0ce09 100644
--- a/crypto/openssl/crypto/pkcs12/p12_init.c
+++ b/crypto/openssl/crypto/pkcs12/p12_init.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 /* Initialise a PKCS12 structure to take data */
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_lcl.h b/crypto/openssl/crypto/pkcs12/p12_local.h
index 0b52f1e1fed9a..0b52f1e1fed9a 100644
--- a/crypto/openssl/crypto/pkcs12/p12_lcl.h
+++ b/crypto/openssl/crypto/pkcs12/p12_local.h
diff --git a/crypto/openssl/crypto/pkcs12/p12_mutl.c b/crypto/openssl/crypto/pkcs12/p12_mutl.c
index 0cbbed364a210..3658003fe5981 100644
--- a/crypto/openssl/crypto/pkcs12/p12_mutl.c
+++ b/crypto/openssl/crypto/pkcs12/p12_mutl.c
@@ -13,7 +13,7 @@
 #include <openssl/hmac.h>
 #include <openssl/rand.h>
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 int PKCS12_mac_present(const PKCS12 *p12)
 {
diff --git a/crypto/openssl/crypto/pkcs12/p12_npas.c b/crypto/openssl/crypto/pkcs12/p12_npas.c
index 0ce75ed330ee5..0334289a89fa0 100644
--- a/crypto/openssl/crypto/pkcs12/p12_npas.c
+++ b/crypto/openssl/crypto/pkcs12/p12_npas.c
@@ -13,7 +13,7 @@
 #include <openssl/pem.h>
 #include <openssl/err.h>
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 /* PKCS#12 password change routine */
 
diff --git a/crypto/openssl/crypto/pkcs12/p12_p8e.c b/crypto/openssl/crypto/pkcs12/p12_p8e.c
index 86a07e1335e4d..05fc388a99694 100644
--- a/crypto/openssl/crypto/pkcs12/p12_p8e.c
+++ b/crypto/openssl/crypto/pkcs12/p12_p8e.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                         const char *pass, int passlen,
diff --git a/crypto/openssl/crypto/pkcs12/p12_sbag.c b/crypto/openssl/crypto/pkcs12/p12_sbag.c
index a09c5b93132af..7cf522786b03e 100644
--- a/crypto/openssl/crypto/pkcs12/p12_sbag.c
+++ b/crypto/openssl/crypto/pkcs12/p12_sbag.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/pkcs12.h>
-#include "p12_lcl.h"
+#include "p12_local.h"
 
 #if OPENSSL_API_COMPAT < 0x10100000L
 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
diff --git a/crypto/openssl/crypto/pkcs7/pk7_lib.c b/crypto/openssl/crypto/pkcs7/pk7_lib.c
index 16b76431d1bd3..ec4d9abd587f2 100644
--- a/crypto/openssl/crypto/pkcs7/pk7_lib.c
+++ b/crypto/openssl/crypto/pkcs7/pk7_lib.c
@@ -11,8 +11,8 @@
 #include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 {
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl
index 5cdb6be05914a..f77e1170f66b7 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1250,4 +1250,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
index 6c6c9bb05be07..9bfee2759579b 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -943,4 +943,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-mips.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-mips.pl
index 28b6772ee5fe7..965825dc3edab 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-mips.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -433,5 +433,5 @@ ___
 
 $output=pop and open STDOUT,">$output";
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-ppc.pl
index 0c6d015d585be..e5d6933ac4d57 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-ppc.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -642,4 +642,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl
index 09f8185848427..a9ab207146971 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-ppcfp.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -736,4 +736,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-s390x.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-s390x.pl
index 82d757d9a1caa..bcc8fd3b886aa 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-s390x.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -224,4 +224,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem;
 $code =~ s/\b(srlg\s+)(%r[0-9]+\s*,)\s*([0-9]+)/$1$2$2$3/gm;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-sparcv9.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-sparcv9.pl
index 0bdd04892544a..997e0d8344c66 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-sparcv9.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1117,4 +1117,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-x86.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-x86.pl
index 1e09ddcc10d75..4aaf63a0a1dd4 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-x86.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -71,7 +71,7 @@ if ($sse2) {
 	$avx = ($1>=2.09) + ($1>=2.10);
 	}
 
-	if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+	if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) {
 		$avx = ($2>=3.0) + ($2>3.0);
 	}
 }
@@ -1812,4 +1812,4 @@ sub vlazy_reduction {
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-x86_64.pl
index 342ad7f18aa71..c014be1ca9fae 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-x86_64.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -90,7 +90,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=12);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -168,6 +168,7 @@ $code.=<<___;
 .type	poly1305_init,\@function,3
 .align	32
 poly1305_init:
+.cfi_startproc
 	xor	%rax,%rax
 	mov	%rax,0($ctx)		# initialize hash value
 	mov	%rax,8($ctx)
@@ -219,6 +220,7 @@ $code.=<<___;
 	mov	\$1,%eax
 .Lno_key:
 	ret
+.cfi_endproc
 .size	poly1305_init,.-poly1305_init
 
 .type	poly1305_blocks,\@function,4
@@ -298,6 +300,7 @@ $code.=<<___;
 .type	poly1305_emit,\@function,3
 .align	32
 poly1305_emit:
+.cfi_startproc
 .Lemit:
 	mov	0($ctx),%r8	# load hash value
 	mov	8($ctx),%r9
@@ -318,6 +321,7 @@ poly1305_emit:
 	mov	%rcx,8($mac)
 
 	ret
+.cfi_endproc
 .size	poly1305_emit,.-poly1305_emit
 ___
 if ($avx) {
@@ -342,15 +346,18 @@ $code.=<<___;
 .type	__poly1305_block,\@abi-omnipotent
 .align	32
 __poly1305_block:
+.cfi_startproc
 ___
 	&poly1305_iteration();
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	__poly1305_block,.-__poly1305_block
 
 .type	__poly1305_init_avx,\@abi-omnipotent
 .align	32
 __poly1305_init_avx:
+.cfi_startproc
 	mov	$r0,$h0
 	mov	$r1,$h1
 	xor	$h2,$h2
@@ -508,6 +515,7 @@ __poly1305_init_avx:
 
 	lea	-48-64($ctx),$ctx	# size [de-]optimization
 	ret
+.cfi_endproc
 .size	__poly1305_init_avx,.-__poly1305_init_avx
 
 .type	poly1305_blocks_avx,\@function,4
@@ -1373,6 +1381,7 @@ $code.=<<___;
 .type	poly1305_emit_avx,\@function,3
 .align	32
 poly1305_emit_avx:
+.cfi_startproc
 	cmpl	\$0,20($ctx)	# is_base2_26?
 	je	.Lemit
 
@@ -1423,6 +1432,7 @@ poly1305_emit_avx:
 	mov	%rcx,8($mac)
 
 	ret
+.cfi_endproc
 .size	poly1305_emit_avx,.-poly1305_emit_avx
 ___
 
@@ -2741,6 +2751,7 @@ $code.=<<___;
 .type	poly1305_init_base2_44,\@function,3
 .align	32
 poly1305_init_base2_44:
+.cfi_startproc
 	xor	%rax,%rax
 	mov	%rax,0($ctx)		# initialize hash value
 	mov	%rax,8($ctx)
@@ -2782,6 +2793,7 @@ ___
 $code.=<<___;
 	mov	\$1,%eax
 	ret
+.cfi_endproc
 .size	poly1305_init_base2_44,.-poly1305_init_base2_44
 ___
 {
@@ -2793,6 +2805,7 @@ $code.=<<___;
 .type	poly1305_blocks_vpmadd52,\@function,4
 .align	32
 poly1305_blocks_vpmadd52:
+.cfi_startproc
 	shr	\$4,$len
 	jz	.Lno_data_vpmadd52		# too short
 
@@ -2899,6 +2912,7 @@ poly1305_blocks_vpmadd52:
 
 .Lno_data_vpmadd52:
 	ret
+.cfi_endproc
 .size	poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52
 ___
 }
@@ -2916,6 +2930,7 @@ $code.=<<___;
 .type	poly1305_blocks_vpmadd52_4x,\@function,4
 .align	32
 poly1305_blocks_vpmadd52_4x:
+.cfi_startproc
 	shr	\$4,$len
 	jz	.Lno_data_vpmadd52_4x		# too short
 
@@ -3340,6 +3355,7 @@ poly1305_blocks_vpmadd52_4x:
 
 .Lno_data_vpmadd52_4x:
 	ret
+.cfi_endproc
 .size	poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x
 ___
 }
@@ -3358,6 +3374,7 @@ $code.=<<___;
 .type	poly1305_blocks_vpmadd52_8x,\@function,4
 .align	32
 poly1305_blocks_vpmadd52_8x:
+.cfi_startproc
 	shr	\$4,$len
 	jz	.Lno_data_vpmadd52_8x		# too short
 
@@ -3713,6 +3730,7 @@ $code.=<<___;
 
 .Lno_data_vpmadd52_8x:
 	ret
+.cfi_endproc
 .size	poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x
 ___
 }
@@ -3720,6 +3738,7 @@ $code.=<<___;
 .type	poly1305_emit_base2_44,\@function,3
 .align	32
 poly1305_emit_base2_44:
+.cfi_startproc
 	mov	0($ctx),%r8	# load hash value
 	mov	8($ctx),%r9
 	mov	16($ctx),%r10
@@ -3750,6 +3769,7 @@ poly1305_emit_base2_44:
 	mov	%rcx,8($mac)
 
 	ret
+.cfi_endproc
 .size	poly1305_emit_base2_44,.-poly1305_emit_base2_44
 ___
 }	}	}
@@ -3800,6 +3820,7 @@ $code.=<<___;
 .type	xor128_encrypt_n_pad,\@abi-omnipotent
 .align	16
 xor128_encrypt_n_pad:
+.cfi_startproc
 	sub	$otp,$inp
 	sub	$otp,$out
 	mov	$len,%r10		# put len aside
@@ -3841,12 +3862,14 @@ xor128_encrypt_n_pad:
 .Ldone_enc:
 	mov	$otp,%rax
 	ret
+.cfi_endproc
 .size	xor128_encrypt_n_pad,.-xor128_encrypt_n_pad
 
 .globl	xor128_decrypt_n_pad
 .type	xor128_decrypt_n_pad,\@abi-omnipotent
 .align	16
 xor128_decrypt_n_pad:
+.cfi_startproc
 	sub	$otp,$inp
 	sub	$otp,$out
 	mov	$len,%r10		# put len aside
@@ -3892,6 +3915,7 @@ xor128_decrypt_n_pad:
 .Ldone_dec:
 	mov	$otp,%rax
 	ret
+.cfi_endproc
 .size	xor128_decrypt_n_pad,.-xor128_decrypt_n_pad
 ___
 }
@@ -4156,4 +4180,4 @@ foreach (split('\n',$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/poly1305/poly1305.c b/crypto/openssl/crypto/poly1305/poly1305.c
index 1d182364aee43..e7f5b92c8f3da 100644
--- a/crypto/openssl/crypto/poly1305/poly1305.c
+++ b/crypto/openssl/crypto/poly1305/poly1305.c
@@ -11,7 +11,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 
-#include "internal/poly1305.h"
+#include "crypto/poly1305.h"
 #include "poly1305_local.h"
 
 size_t Poly1305_ctx_size(void)
@@ -89,7 +89,7 @@ static void
 poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit);
 
 /*
- * Type-agnostic "rip-off" from constant_time_locl.h
+ * Type-agnostic "rip-off" from constant_time.h
  */
 # define CONSTANT_TIME_CARRY(a,b) ( \
          (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \
diff --git a/crypto/openssl/crypto/poly1305/poly1305_ameth.c b/crypto/openssl/crypto/poly1305/poly1305_ameth.c
index 033ee8cd96997..0c8a91dc79dcc 100644
--- a/crypto/openssl/crypto/poly1305/poly1305_ameth.c
+++ b/crypto/openssl/crypto/poly1305/poly1305_ameth.c
@@ -10,10 +10,10 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "internal/asn1_int.h"
-#include "internal/poly1305.h"
+#include "crypto/asn1.h"
+#include "crypto/poly1305.h"
 #include "poly1305_local.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /*
  * POLY1305 "ASN1" method. This is just here to indicate the maximum
diff --git a/crypto/openssl/crypto/poly1305/poly1305_pmeth.c b/crypto/openssl/crypto/poly1305/poly1305_pmeth.c
index 3bc24c98cd614..49a799a12f518 100644
--- a/crypto/openssl/crypto/poly1305/poly1305_pmeth.c
+++ b/crypto/openssl/crypto/poly1305/poly1305_pmeth.c
@@ -13,9 +13,9 @@
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include "internal/poly1305.h"
+#include "crypto/poly1305.h"
 #include "poly1305_local.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /* POLY1305 pkey context structure */
 
diff --git a/crypto/openssl/crypto/ppc_arch.h b/crypto/openssl/crypto/ppc_arch.h
index 72bd7468745c7..e3845e9394ae2 100644
--- a/crypto/openssl/crypto/ppc_arch.h
+++ b/crypto/openssl/crypto/ppc_arch.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_PPC_ARCH_H
-# define HEADER_PPC_ARCH_H
+#ifndef OSSL_CRYPTO_PPC_ARCH_H
+# define OSSL_CRYPTO_PPC_ARCH_H
 
 extern unsigned int OPENSSL_ppccap_P;
 
diff --git a/crypto/openssl/crypto/ppccap.c b/crypto/openssl/crypto/ppccap.c
index a59485207b167..b12cd949ccfe1 100644
--- a/crypto/openssl/crypto/ppccap.c
+++ b/crypto/openssl/crypto/ppccap.c
@@ -29,8 +29,8 @@
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
 #include <internal/cryptlib.h>
-#include <internal/chacha.h>
-#include "bn/bn_lcl.h"
+#include <crypto/chacha.h>
+#include "bn/bn_local.h"
 
 #include "ppc_arch.h"
 
diff --git a/crypto/openssl/crypto/ppccpuid.pl b/crypto/openssl/crypto/ppccpuid.pl
index a38445fd3c529..2065cbb84b10d 100755
--- a/crypto/openssl/crypto/ppccpuid.pl
+++ b/crypto/openssl/crypto/ppccpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -379,4 +379,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/rand/drbg_ctr.c b/crypto/openssl/crypto/rand/drbg_ctr.c
index a243361b56e40..93b82f34ceda1 100644
--- a/crypto/openssl/crypto/rand/drbg_ctr.c
+++ b/crypto/openssl/crypto/rand/drbg_ctr.c
@@ -14,7 +14,7 @@
 #include <openssl/rand.h>
 #include "internal/thread_once.h"
 #include "internal/thread_once.h"
-#include "rand_lcl.h"
+#include "rand_local.h"
 /*
  * Implementation of NIST SP 800-90A CTR DRBG.
  */
diff --git a/crypto/openssl/crypto/rand/drbg_lib.c b/crypto/openssl/crypto/rand/drbg_lib.c
index 12bb627a04efa..faf0590c6c281 100644
--- a/crypto/openssl/crypto/rand/drbg_lib.c
+++ b/crypto/openssl/crypto/rand/drbg_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,10 +11,10 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
-#include "rand_lcl.h"
+#include "rand_local.h"
 #include "internal/thread_once.h"
-#include "internal/rand_int.h"
-#include "internal/cryptlib_int.h"
+#include "crypto/rand.h"
+#include "crypto/cryptlib.h"
 
 /*
  * Support framework for NIST SP 800-90A DRBG
@@ -1044,7 +1044,7 @@ static int drbg_add(const void *buf, int num, double randomness)
         return ret;
 #else
         /*
-         * If an os entropy source is avaible then we declare the buffer content
+         * If an os entropy source is available then we declare the buffer content
          * as additional data by setting randomness to zero and trigger a regular
          * reseeding.
          */
diff --git a/crypto/openssl/crypto/rand/rand_err.c b/crypto/openssl/crypto/rand/rand_err.c
index ae4d8559fb285..a3ae5f53c2956 100644
--- a/crypto/openssl/crypto/rand/rand_err.c
+++ b/crypto/openssl/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,6 +14,8 @@
 #ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DATA_COLLECT_METHOD, 0),
+     "data_collect_method"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"},
@@ -49,6 +51,7 @@ static const ERR_STRING_DATA RAND_str_functs[] = {
      "rand_pool_bytes_needed"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_GROW, 0), "rand_pool_grow"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_PSEUDO_BYTES, 0), "RAND_pseudo_bytes"},
     {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
     {0, NULL}
 };
diff --git a/crypto/openssl/crypto/rand/rand_lib.c b/crypto/openssl/crypto/rand/rand_lib.c
index 91b26523110f3..ab4e9b5486cb3 100644
--- a/crypto/openssl/crypto/rand/rand_lib.c
+++ b/crypto/openssl/crypto/rand/rand_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -11,10 +11,10 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/opensslconf.h>
-#include "internal/rand_int.h"
+#include "crypto/rand.h"
 #include <openssl/engine.h>
 #include "internal/thread_once.h"
-#include "rand_lcl.h"
+#include "rand_local.h"
 #include "e_os.h"
 
 #ifndef OPENSSL_NO_ENGINE
@@ -386,6 +386,9 @@ int RAND_poll(void)
 
     const RAND_METHOD *meth = RAND_get_rand_method();
 
+    if (meth == NULL)
+        return 0;
+
     if (meth == RAND_OpenSSL()) {
         /* fill random pool and seed the master DRBG */
         RAND_DRBG *drbg = RAND_DRBG_get0_master();
@@ -765,7 +768,7 @@ int rand_pool_add(RAND_POOL *pool,
  * is returned without producing an error message.
  *
  * After updating the buffer, rand_pool_add_end() needs to be called
- * to finish the udpate operation (see next comment).
+ * to finish the update operation (see next comment).
  */
 unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
 {
@@ -896,7 +899,7 @@ void RAND_seed(const void *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth->seed != NULL)
+    if (meth != NULL && meth->seed != NULL)
         meth->seed(buf, num);
 }
 
@@ -904,7 +907,7 @@ void RAND_add(const void *buf, int num, double randomness)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth->add != NULL)
+    if (meth != NULL && meth->add != NULL)
         meth->add(buf, num, randomness);
 }
 
@@ -917,24 +920,22 @@ int RAND_priv_bytes(unsigned char *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
     RAND_DRBG *drbg;
-    int ret;
 
-    if (meth != RAND_OpenSSL())
+    if (meth != NULL && meth != RAND_OpenSSL())
         return RAND_bytes(buf, num);
 
     drbg = RAND_DRBG_get0_private();
-    if (drbg == NULL)
-        return 0;
+    if (drbg != NULL)
+        return RAND_DRBG_bytes(drbg, buf, num);
 
-    ret = RAND_DRBG_bytes(drbg, buf, num);
-    return ret;
+    return 0;
 }
 
 int RAND_bytes(unsigned char *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth->bytes != NULL)
+    if (meth != NULL && meth->bytes != NULL)
         return meth->bytes(buf, num);
     RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
     return -1;
@@ -945,8 +946,9 @@ int RAND_pseudo_bytes(unsigned char *buf, int num)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth->pseudorand != NULL)
+    if (meth != NULL && meth->pseudorand != NULL)
         return meth->pseudorand(buf, num);
+    RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
     return -1;
 }
 #endif
@@ -955,7 +957,7 @@ int RAND_status(void)
 {
     const RAND_METHOD *meth = RAND_get_rand_method();
 
-    if (meth->status != NULL)
+    if (meth != NULL && meth->status != NULL)
         return meth->status();
     return 0;
 }
diff --git a/crypto/openssl/crypto/rand/rand_lcl.h b/crypto/openssl/crypto/rand/rand_local.h
index 306c59f6efa0f..1bc9bf7d266dd 100644
--- a/crypto/openssl/crypto/rand/rand_lcl.h
+++ b/crypto/openssl/crypto/rand/rand_local.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_RAND_LCL_H
-# define HEADER_RAND_LCL_H
+#ifndef OSSL_CRYPTO_RAND_LOCAL_H
+# define OSSL_CRYPTO_RAND_LOCAL_H
 
 # include <openssl/aes.h>
 # include <openssl/evp.h>
@@ -82,7 +82,7 @@
  * Typically, the DRBGs will set a minimum larger than this so optimal
  * allocation ought to take place (for full quality seed material).
  *
- * The normal value has been chosed by noticing that the rand_drbg_get_nonce
+ * The normal value has been chosen by noticing that the rand_drbg_get_nonce
  * function is usually the largest of the built in allocation (twenty four
  * bytes and then appending another sixteen bytes).  This means the buffer ends
  * with 40 bytes.  The value of forty eight is comfortably above this which
diff --git a/crypto/openssl/crypto/rand/rand_unix.c b/crypto/openssl/crypto/rand/rand_unix.c
index 69efcdeed752d..fe457cab4a3b1 100644
--- a/crypto/openssl/crypto/rand/rand_unix.c
+++ b/crypto/openssl/crypto/rand/rand_unix.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,8 +15,8 @@
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
-#include "rand_lcl.h"
-#include "internal/rand_int.h"
+#include "rand_local.h"
+#include "crypto/rand.h"
 #include <stdio.h>
 #include "internal/dso.h"
 #ifdef __linux
@@ -80,7 +80,8 @@ static uint64_t get_timer_bits(void);
 #   define OSSL_POSIX_TIMER_OKAY
 #  endif
 # endif
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+          || defined(__DJGPP__) */
 
 #if defined(OPENSSL_RAND_SEED_NONE)
 /* none means none. this simplifies the following logic */
@@ -282,12 +283,58 @@ static ssize_t sysctl_random(char *buf, size_t buflen)
 #  if defined(OPENSSL_RAND_SEED_GETRANDOM)
 
 #   if defined(__linux) && !defined(__NR_getrandom)
-#    if defined(__arm__) && defined(__NR_SYSCALL_BASE)
+#    if defined(__arm__)
 #     define __NR_getrandom    (__NR_SYSCALL_BASE+384)
 #    elif defined(__i386__)
 #     define __NR_getrandom    355
-#    elif defined(__x86_64__) && !defined(__ILP32__)
-#     define __NR_getrandom    318
+#    elif defined(__x86_64__)
+#     if defined(__ILP32__)
+#      define __NR_getrandom   (__X32_SYSCALL_BIT + 318)
+#     else
+#      define __NR_getrandom   318
+#     endif
+#    elif defined(__xtensa__)
+#     define __NR_getrandom    338
+#    elif defined(__s390__) || defined(__s390x__)
+#     define __NR_getrandom    349
+#    elif defined(__bfin__)
+#     define __NR_getrandom    389
+#    elif defined(__powerpc__)
+#     define __NR_getrandom    359
+#    elif defined(__mips__) || defined(__mips64)
+#     if _MIPS_SIM == _MIPS_SIM_ABI32
+#      define __NR_getrandom   (__NR_Linux + 353)
+#     elif _MIPS_SIM == _MIPS_SIM_ABI64
+#      define __NR_getrandom   (__NR_Linux + 313)
+#     elif _MIPS_SIM == _MIPS_SIM_NABI32
+#      define __NR_getrandom   (__NR_Linux + 317)
+#     endif
+#    elif defined(__hppa__)
+#     define __NR_getrandom    (__NR_Linux + 339)
+#    elif defined(__sparc__)
+#     define __NR_getrandom    347
+#    elif defined(__ia64__)
+#     define __NR_getrandom    1339
+#    elif defined(__alpha__)
+#     define __NR_getrandom    511
+#    elif defined(__sh__)
+#     if defined(__SH5__)
+#      define __NR_getrandom   373
+#     else
+#      define __NR_getrandom   384
+#     endif
+#    elif defined(__avr32__)
+#     define __NR_getrandom    317
+#    elif defined(__microblaze__)
+#     define __NR_getrandom    385
+#    elif defined(__m68k__)
+#     define __NR_getrandom    352
+#    elif defined(__cris__)
+#     define __NR_getrandom    356
+#    elif defined(__aarch64__)
+#     define __NR_getrandom    278
+#    else /* generic */
+#     define __NR_getrandom    278
 #    endif
 #   endif
 
@@ -814,4 +861,5 @@ static uint64_t get_timer_bits(void)
 # endif
     return time(NULL);
 }
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+          || defined(__DJGPP__) */
diff --git a/crypto/openssl/crypto/rc2/rc2_cbc.c b/crypto/openssl/crypto/rc2/rc2_cbc.c
index 2b59353b11541..17e86f690e01c 100644
--- a/crypto/openssl/crypto/rc2/rc2_cbc.c
+++ b/crypto/openssl/crypto/rc2/rc2_cbc.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc2.h>
-#include "rc2_locl.h"
+#include "rc2_local.h"
 
 void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
                      RC2_KEY *ks, unsigned char *iv, int encrypt)
diff --git a/crypto/openssl/crypto/rc2/rc2_ecb.c b/crypto/openssl/crypto/rc2/rc2_ecb.c
index fb2f78273d8ee..8d9927cd58589 100644
--- a/crypto/openssl/crypto/rc2/rc2_ecb.c
+++ b/crypto/openssl/crypto/rc2/rc2_ecb.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc2.h>
-#include "rc2_locl.h"
+#include "rc2_local.h"
 #include <openssl/opensslv.h>
 
 /*-
diff --git a/crypto/openssl/crypto/rc2/rc2_locl.h b/crypto/openssl/crypto/rc2/rc2_local.h
index e4dad947872cb..e4dad947872cb 100644
--- a/crypto/openssl/crypto/rc2/rc2_locl.h
+++ b/crypto/openssl/crypto/rc2/rc2_local.h
diff --git a/crypto/openssl/crypto/rc2/rc2_skey.c b/crypto/openssl/crypto/rc2/rc2_skey.c
index 55d8ba37155c1..60ebd42f26360 100644
--- a/crypto/openssl/crypto/rc2/rc2_skey.c
+++ b/crypto/openssl/crypto/rc2/rc2_skey.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc2.h>
-#include "rc2_locl.h"
+#include "rc2_local.h"
 
 static const unsigned char key_table[256] = {
     0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
diff --git a/crypto/openssl/crypto/rc2/rc2cfb64.c b/crypto/openssl/crypto/rc2/rc2cfb64.c
index e11093db9e21a..8d1c3a4d8f66f 100644
--- a/crypto/openssl/crypto/rc2/rc2cfb64.c
+++ b/crypto/openssl/crypto/rc2/rc2cfb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc2.h>
-#include "rc2_locl.h"
+#include "rc2_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/rc2/rc2ofb64.c b/crypto/openssl/crypto/rc2/rc2ofb64.c
index d610278a9bdcb..61b2c56434bfe 100644
--- a/crypto/openssl/crypto/rc2/rc2ofb64.c
+++ b/crypto/openssl/crypto/rc2/rc2ofb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc2.h>
-#include "rc2_locl.h"
+#include "rc2_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-586.pl b/crypto/openssl/crypto/rc4/asm/rc4-586.pl
index 8c5cf87d05cec..3a936de1f9a79 100644
--- a/crypto/openssl/crypto/rc4/asm/rc4-586.pl
+++ b/crypto/openssl/crypto/rc4/asm/rc4-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -423,4 +423,4 @@ $idx="edx";
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-c64xplus.pl b/crypto/openssl/crypto/rc4/asm/rc4-c64xplus.pl
index 1354d18214933..b12d044af465d 100755
--- a/crypto/openssl/crypto/rc4/asm/rc4-c64xplus.pl
+++ b/crypto/openssl/crypto/rc4/asm/rc4-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -189,4 +189,4 @@ ___
 $output=pop;
 open STDOUT,">$output";
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl b/crypto/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
index 74e5191051eb7..7aa5c21bd8364 100755
--- a/crypto/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
+++ b/crypto/openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -484,6 +484,7 @@ $code.=<<___;
 .type	RC4_set_key,\@function,3
 .align	16
 RC4_set_key:
+.cfi_startproc
 	lea	8($dat),$dat
 	lea	($inp,$len),$inp
 	neg	$len
@@ -519,6 +520,7 @@ RC4_set_key:
 	mov	%eax,-8($dat)
 	mov	%eax,-4($dat)
 	ret
+.cfi_endproc
 .size	RC4_set_key,.-RC4_set_key
 
 .globl	RC4_options
@@ -658,4 +660,4 @@ $code =~ s/#rc4#//gm	if ($rc4);
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl b/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl
index 4111f339dae4f..631e742b739dd 100755
--- a/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl
+++ b/crypto/openssl/crypto/rc4/asm/rc4-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -330,4 +330,4 @@ foreach(split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-s390x.pl b/crypto/openssl/crypto/rc4/asm/rc4-s390x.pl
index 469f110fafeec..dded0b75e7f95 100755
--- a/crypto/openssl/crypto/rc4/asm/rc4-s390x.pl
+++ b/crypto/openssl/crypto/rc4/asm/rc4-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -184,7 +184,7 @@ $code.=<<___;
 RC4_set_key:
 	stm${g}	%r6,%r8,6*$SIZE_T($sp)
 	lhi	$cnt,256
-	la	$idx,0(%r0)
+	la	$idx,0
 	sth	$idx,0($key)
 .align	4
 .L1stloop:
@@ -194,8 +194,8 @@ RC4_set_key:
 
 	lghi	$ikey,-256
 	lr	$cnt,$len
-	la	$iinp,0(%r0)
-	la	$idx,0(%r0)
+	la	$iinp,0
+	la	$idx,0
 .align	16
 .L2ndloop:
 	llgc	$acc,2+256($ikey,$key)
@@ -212,7 +212,7 @@ RC4_set_key:
 	jz	.Ldone
 	brct	$cnt,.L2ndloop
 	lr	$cnt,$len
-	la	$iinp,0(%r0)
+	la	$iinp,0
 	j	.L2ndloop
 .Ldone:
 	lm${g}	%r6,%r8,6*$SIZE_T($sp)
@@ -238,4 +238,4 @@ RC4_options:
 ___
 
 print $code;
-close STDOUT;	# force flush
+close STDOUT or die "error closing STDOUT: $!";	# force flush
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl b/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
index 1a9cc47d7253d..423eb5b4a9978 100755
--- a/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
+++ b/crypto/openssl/crypto/rc4/asm/rc4-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -138,11 +138,12 @@ $code=<<___;
 .globl	RC4
 .type	RC4,\@function,4
 .align	16
-RC4:	or	$len,$len
+RC4:
+.cfi_startproc
+	or	$len,$len
 	jne	.Lentry
 	ret
 .Lentry:
-.cfi_startproc
 	push	%rbx
 .cfi_push	%rbx
 	push	%r12
@@ -453,6 +454,7 @@ $code.=<<___;
 .type	RC4_set_key,\@function,3
 .align	16
 RC4_set_key:
+.cfi_startproc
 	lea	8($dat),$dat
 	lea	($inp,$len),$inp
 	neg	$len
@@ -519,12 +521,14 @@ RC4_set_key:
 	mov	%eax,-8($dat)
 	mov	%eax,-4($dat)
 	ret
+.cfi_endproc
 .size	RC4_set_key,.-RC4_set_key
 
 .globl	RC4_options
 .type	RC4_options,\@abi-omnipotent
 .align	16
 RC4_options:
+.cfi_startproc
 	lea	.Lopts(%rip),%rax
 	mov	OPENSSL_ia32cap_P(%rip),%edx
 	bt	\$20,%edx
@@ -537,6 +541,7 @@ RC4_options:
 	add	\$12,%rax
 .Ldone:
 	ret
+.cfi_endproc
 .align	64
 .Lopts:
 .asciz	"rc4(8x,int)"
@@ -693,4 +698,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem;
 
 print $code;
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/rc4/rc4_enc.c b/crypto/openssl/crypto/rc4/rc4_enc.c
index 638a75bb06a93..09ef6a896f072 100644
--- a/crypto/openssl/crypto/rc4/rc4_enc.c
+++ b/crypto/openssl/crypto/rc4/rc4_enc.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc4.h>
-#include "rc4_locl.h"
+#include "rc4_local.h"
 
 /*-
  * RC4 as implemented from a posting from
diff --git a/crypto/openssl/crypto/rc4/rc4_locl.h b/crypto/openssl/crypto/rc4/rc4_local.h
index 4380addbccb21..e739be4be7933 100644
--- a/crypto/openssl/crypto/rc4/rc4_locl.h
+++ b/crypto/openssl/crypto/rc4/rc4_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_RC4_LOCL_H
-# define HEADER_RC4_LOCL_H
+#ifndef OSSL_CRYPTO_RC4_LOCAL_H
+# define OSSL_CRYPTO_RC4_LOCAL_H
 
 # include <openssl/opensslconf.h>
 # include "internal/cryptlib.h"
diff --git a/crypto/openssl/crypto/rc4/rc4_skey.c b/crypto/openssl/crypto/rc4/rc4_skey.c
index e9007331eb33e..100eb79c2ada7 100644
--- a/crypto/openssl/crypto/rc4/rc4_skey.c
+++ b/crypto/openssl/crypto/rc4/rc4_skey.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc4.h>
-#include "rc4_locl.h"
+#include "rc4_local.h"
 #include <openssl/opensslv.h>
 
 const char *RC4_options(void)
diff --git a/crypto/openssl/crypto/rc5/asm/rc5-586.pl b/crypto/openssl/crypto/rc5/asm/rc5-586.pl
index e58a98bc83b60..af11be816259c 100644
--- a/crypto/openssl/crypto/rc5/asm/rc5-586.pl
+++ b/crypto/openssl/crypto/rc5/asm/rc5-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ $tmp4="edx";
 &cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1);
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub RC5_32_encrypt
 	{
diff --git a/crypto/openssl/crypto/rc5/rc5_ecb.c b/crypto/openssl/crypto/rc5/rc5_ecb.c
index c32f38e473e89..94ec646390dd4 100644
--- a/crypto/openssl/crypto/rc5/rc5_ecb.c
+++ b/crypto/openssl/crypto/rc5/rc5_ecb.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc5.h>
-#include "rc5_locl.h"
+#include "rc5_local.h"
 #include <openssl/opensslv.h>
 
 void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
diff --git a/crypto/openssl/crypto/rc5/rc5_enc.c b/crypto/openssl/crypto/rc5/rc5_enc.c
index 58631dee20d25..75ddeb2eaf2b9 100644
--- a/crypto/openssl/crypto/rc5/rc5_enc.c
+++ b/crypto/openssl/crypto/rc5/rc5_enc.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <openssl/rc5.h>
-#include "rc5_locl.h"
+#include "rc5_local.h"
 
 void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
                         long length, RC5_32_KEY *ks, unsigned char *iv,
diff --git a/crypto/openssl/crypto/rc5/rc5_locl.h b/crypto/openssl/crypto/rc5/rc5_local.h
index 41130fe33be47..41130fe33be47 100644
--- a/crypto/openssl/crypto/rc5/rc5_locl.h
+++ b/crypto/openssl/crypto/rc5/rc5_local.h
diff --git a/crypto/openssl/crypto/rc5/rc5_skey.c b/crypto/openssl/crypto/rc5/rc5_skey.c
index 943a7849bb895..b2e6bbb1af244 100644
--- a/crypto/openssl/crypto/rc5/rc5_skey.c
+++ b/crypto/openssl/crypto/rc5/rc5_skey.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc5.h>
-#include "rc5_locl.h"
+#include "rc5_local.h"
 
 void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
                     int rounds)
diff --git a/crypto/openssl/crypto/rc5/rc5cfb64.c b/crypto/openssl/crypto/rc5/rc5cfb64.c
index 9a8aa6b244c9c..cfce7ec1e84c9 100644
--- a/crypto/openssl/crypto/rc5/rc5cfb64.c
+++ b/crypto/openssl/crypto/rc5/rc5cfb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc5.h>
-#include "rc5_locl.h"
+#include "rc5_local.h"
 
 /*
  * The input and output encrypted as though 64bit cfb mode is being used.
diff --git a/crypto/openssl/crypto/rc5/rc5ofb64.c b/crypto/openssl/crypto/rc5/rc5ofb64.c
index 3a41d773cb6ec..224eb968579c8 100644
--- a/crypto/openssl/crypto/rc5/rc5ofb64.c
+++ b/crypto/openssl/crypto/rc5/rc5ofb64.c
@@ -8,7 +8,7 @@
  */
 
 #include <openssl/rc5.h>
-#include "rc5_locl.h"
+#include "rc5_local.h"
 
 /*
  * The input and output encrypted as though 64bit ofb mode is being used.
diff --git a/crypto/openssl/crypto/ripemd/asm/rmd-586.pl b/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
index 84aa7ced17c06..e8d02812ba5e3 100644
--- a/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -70,7 +70,7 @@ $KR3=0x7A6D76E9;
 &ripemd160_block("ripemd160_block_asm_data_order");
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
 
 sub Xv
 	{
diff --git a/crypto/openssl/crypto/ripemd/rmd_dgst.c b/crypto/openssl/crypto/ripemd/rmd_dgst.c
index a1670c7fbd833..e9e440f18c106 100644
--- a/crypto/openssl/crypto/ripemd/rmd_dgst.c
+++ b/crypto/openssl/crypto/ripemd/rmd_dgst.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "rmd_locl.h"
+#include "rmd_local.h"
 #include <openssl/opensslv.h>
 
 #ifdef RMD160_ASM
@@ -39,7 +39,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num)
     register unsigned MD32_REG_T A, B, C, D, E;
     unsigned MD32_REG_T a, b, c, d, e, l;
 # ifndef MD32_XARRAY
-    /* See comment in crypto/sha/sha_locl.h for details. */
+    /* See comment in crypto/sha/sha_local.h for details. */
     unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
         XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
 #  define X(i)   XX##i
diff --git a/crypto/openssl/crypto/ripemd/rmd_locl.h b/crypto/openssl/crypto/ripemd/rmd_local.h
index f1ae4323ca9bf..f3604e349006b 100644
--- a/crypto/openssl/crypto/ripemd/rmd_locl.h
+++ b/crypto/openssl/crypto/ripemd/rmd_local.h
@@ -13,7 +13,7 @@
 #include <openssl/ripemd.h>
 
 /*
- * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_local.h & crypto/md5/md5_dgst.c
  * FOR EXPLANATIONS ON FOLLOWING "CODE."
  */
 #ifdef RMD160_ASM
@@ -42,7 +42,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
         } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 
-#include "internal/md32_common.h"
+#include "crypto/md32_common.h"
 
 /*
  * Transformed F2 and F4 are courtesy of Wei Dai
diff --git a/crypto/openssl/crypto/rsa/rsa_ameth.c b/crypto/openssl/crypto/rsa/rsa_ameth.c
index 9dcb85d837573..6692a51ed8fe4 100644
--- a/crypto/openssl/crypto/rsa/rsa_ameth.c
+++ b/crypto/openssl/crypto/rsa/rsa_ameth.c
@@ -13,9 +13,9 @@
 #include <openssl/x509.h>
 #include <openssl/bn.h>
 #include <openssl/cms.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "rsa_locl.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "rsa_local.h"
 
 #ifndef OPENSSL_NO_CMS
 static int rsa_cms_sign(CMS_SignerInfo *si);
diff --git a/crypto/openssl/crypto/rsa/rsa_asn1.c b/crypto/openssl/crypto/rsa/rsa_asn1.c
index 9fe62c82eb2fe..e8df8d762e16f 100644
--- a/crypto/openssl/crypto/rsa/rsa_asn1.c
+++ b/crypto/openssl/crypto/rsa/rsa_asn1.c
@@ -12,7 +12,7 @@
 #include <openssl/bn.h>
 #include <openssl/x509.h>
 #include <openssl/asn1t.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 /*
  * Override the default free and new methods,
diff --git a/crypto/openssl/crypto/rsa/rsa_chk.c b/crypto/openssl/crypto/rsa/rsa_chk.c
index 1b69be30ca41d..b4ba7fce3ffbe 100644
--- a/crypto/openssl/crypto/rsa/rsa_chk.c
+++ b/crypto/openssl/crypto/rsa/rsa_chk.c
@@ -9,7 +9,7 @@
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 int RSA_check_key(const RSA *key)
 {
diff --git a/crypto/openssl/crypto/rsa/rsa_crpt.c b/crypto/openssl/crypto/rsa/rsa_crpt.c
index f4ef8b4381f71..f1131ce9e0ad5 100644
--- a/crypto/openssl/crypto/rsa/rsa_crpt.c
+++ b/crypto/openssl/crypto/rsa/rsa_crpt.c
@@ -10,9 +10,9 @@
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
+#include "crypto/bn.h"
 #include <openssl/rand.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 int RSA_bits(const RSA *r)
 {
diff --git a/crypto/openssl/crypto/rsa/rsa_gen.c b/crypto/openssl/crypto/rsa/rsa_gen.c
index 2b818088606cd..29056a62a1ae0 100644
--- a/crypto/openssl/crypto/rsa/rsa_gen.c
+++ b/crypto/openssl/crypto/rsa/rsa_gen.c
@@ -17,7 +17,7 @@
 #include <time.h>
 #include "internal/cryptlib.h"
 #include <openssl/bn.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
                               BN_GENCB *cb);
diff --git a/crypto/openssl/crypto/rsa/rsa_lib.c b/crypto/openssl/crypto/rsa/rsa_lib.c
index e737a28898cc8..63fd1a6db492e 100644
--- a/crypto/openssl/crypto/rsa/rsa_lib.c
+++ b/crypto/openssl/crypto/rsa/rsa_lib.c
@@ -11,11 +11,11 @@
 #include <openssl/crypto.h>
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
-#include "internal/bn_int.h"
+#include "crypto/bn.h"
 #include <openssl/engine.h>
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
-#include "rsa_locl.h"
+#include "crypto/evp.h"
+#include "rsa_local.h"
 
 RSA *RSA_new(void)
 {
@@ -451,6 +451,11 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r)
     return r->iqmp;
 }
 
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)
+{
+    return r->pss;
+}
+
 void RSA_clear_flags(RSA *r, int flags)
 {
     r->flags &= ~flags;
diff --git a/crypto/openssl/crypto/rsa/rsa_locl.h b/crypto/openssl/crypto/rsa/rsa_local.h
index 2b94462a94c6f..2b94462a94c6f 100644
--- a/crypto/openssl/crypto/rsa/rsa_locl.h
+++ b/crypto/openssl/crypto/rsa/rsa_local.h
diff --git a/crypto/openssl/crypto/rsa/rsa_meth.c b/crypto/openssl/crypto/rsa/rsa_meth.c
index def19f375f920..2845b79db8ef7 100644
--- a/crypto/openssl/crypto/rsa/rsa_meth.c
+++ b/crypto/openssl/crypto/rsa/rsa_meth.c
@@ -8,7 +8,7 @@
  */
 
 #include <string.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 #include <openssl/err.h>
 
 RSA_METHOD *RSA_meth_new(const char *name, int flags)
diff --git a/crypto/openssl/crypto/rsa/rsa_mp.c b/crypto/openssl/crypto/rsa/rsa_mp.c
index e7e810823b277..44dda8f800bcb 100644
--- a/crypto/openssl/crypto/rsa/rsa_mp.c
+++ b/crypto/openssl/crypto/rsa/rsa_mp.c
@@ -10,7 +10,7 @@
 
 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
 {
diff --git a/crypto/openssl/crypto/rsa/rsa_oaep.c b/crypto/openssl/crypto/rsa/rsa_oaep.c
index 48b888bf27adb..302360a96415c 100644
--- a/crypto/openssl/crypto/rsa/rsa_oaep.c
+++ b/crypto/openssl/crypto/rsa/rsa_oaep.c
@@ -20,7 +20,7 @@
  * one-wayness.  For the RSA function, this is an equivalent notion.
  */
 
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
@@ -28,7 +28,7 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
                                const unsigned char *from, int flen,
diff --git a/crypto/openssl/crypto/rsa/rsa_ossl.c b/crypto/openssl/crypto/rsa/rsa_ossl.c
index c8c3b7886aa9a..b52a66f6a6280 100644
--- a/crypto/openssl/crypto/rsa/rsa_ossl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ossl.c
@@ -8,9 +8,9 @@
  */
 
 #include "internal/cryptlib.h"
-#include "internal/bn_int.h"
-#include "rsa_locl.h"
-#include "internal/constant_time_locl.h"
+#include "crypto/bn.h"
+#include "rsa_local.h"
+#include "internal/constant_time.h"
 
 static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
                                   unsigned char *to, RSA *rsa, int padding);
diff --git a/crypto/openssl/crypto/rsa/rsa_pk1.c b/crypto/openssl/crypto/rsa/rsa_pk1.c
index 5260d12f4c913..a3d0b7cef81ef 100644
--- a/crypto/openssl/crypto/rsa/rsa_pk1.c
+++ b/crypto/openssl/crypto/rsa/rsa_pk1.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
@@ -57,7 +57,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
      * D  - data.
      */
 
-    if (num < 11)
+    if (num < RSA_PKCS1_PADDING_SIZE)
         return -1;
 
     /* Accept inputs with and without the leading 0-byte. */
@@ -120,7 +120,7 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     int i, j;
     unsigned char *p;
 
-    if (flen > (tlen - 11)) {
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         return 0;
@@ -169,7 +169,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
      * section 7.2.2.
      */
 
-    if (flen > num || num < 11) {
+    if (flen > num || num < RSA_PKCS1_PADDING_SIZE) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
                RSA_R_PKCS_DECODING_ERROR);
         return -1;
@@ -226,8 +226,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
     good &= constant_time_ge(tlen, mlen);
 
     /*
-     * Move the result in-place by |num|-11-|mlen| bytes to the left.
-     * Then if |good| move |mlen| bytes from |em|+11 to |to|.
+     * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left.
+     * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|.
      * Otherwise leave |to| unchanged.
      * Copy the memory back in a way that does not reveal the size of
      * the data being copied via a timing side channel. This requires copying
@@ -235,16 +235,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
      * length. Clear bits do a non-copy with identical access pattern.
      * The loop below has overall complexity of O(N*log(N)).
      */
-    tlen = constant_time_select_int(constant_time_lt(num - 11, tlen),
-                                    num - 11, tlen);
-    for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) {
-        mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0);
-        for (i = 11; i < num - msg_index; i++)
+    tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen),
+                                    num - RSA_PKCS1_PADDING_SIZE, tlen);
+    for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) {
+        mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0);
+        for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++)
             em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
     }
     for (i = 0; i < tlen; i++) {
         mask = good & constant_time_lt(i, mlen);
-        to[i] = constant_time_select_8(mask, em[i + 11], to[i]);
+        to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]);
     }
 
     OPENSSL_clear_free(em, num);
diff --git a/crypto/openssl/crypto/rsa/rsa_pmeth.c b/crypto/openssl/crypto/rsa/rsa_pmeth.c
index 082ab8fd8a1f2..0eb21c8af9756 100644
--- a/crypto/openssl/crypto/rsa/rsa_pmeth.c
+++ b/crypto/openssl/crypto/rsa/rsa_pmeth.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 
 #include <stdio.h>
 #include "internal/cryptlib.h"
@@ -18,8 +18,8 @@
 #include <openssl/evp.h>
 #include <openssl/x509v3.h>
 #include <openssl/cms.h>
-#include "internal/evp_int.h"
-#include "rsa_locl.h"
+#include "crypto/evp.h"
+#include "rsa_local.h"
 
 /* RSA pkey context structure */
 
diff --git a/crypto/openssl/crypto/rsa/rsa_pss.c b/crypto/openssl/crypto/rsa/rsa_pss.c
index f7c575d00ab12..40ce1c4d378a6 100644
--- a/crypto/openssl/crypto/rsa/rsa_pss.c
+++ b/crypto/openssl/crypto/rsa/rsa_pss.c
@@ -14,7 +14,7 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
diff --git a/crypto/openssl/crypto/rsa/rsa_sign.c b/crypto/openssl/crypto/rsa/rsa_sign.c
index 952d24fb8ae41..7fc69361bf0a3 100644
--- a/crypto/openssl/crypto/rsa/rsa_sign.c
+++ b/crypto/openssl/crypto/rsa/rsa_sign.c
@@ -13,8 +13,8 @@
 #include <openssl/rsa.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
-#include "rsa_locl.h"
+#include "crypto/x509.h"
+#include "rsa_local.h"
 
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH  36
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c
index 3859128a6d808..1f155be175da7 100644
--- a/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ssl.c
@@ -12,7 +12,7 @@
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
-#include "internal/constant_time_locl.h"
+#include "internal/constant_time.h"
 
 int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
                            const unsigned char *from, int flen)
@@ -20,7 +20,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     int i, j;
     unsigned char *p;
 
-    if (flen > (tlen - 11)) {
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
         RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
                RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
         return 0;
@@ -70,7 +70,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     if (tlen <= 0 || flen <= 0)
         return -1;
 
-    if (flen > num || num < 11) {
+    if (flen > num || num < RSA_PKCS1_PADDING_SIZE) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
         return -1;
     }
@@ -141,8 +141,8 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
     err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
 
     /*
-     * Move the result in-place by |num|-11-|mlen| bytes to the left.
-     * Then if |good| move |mlen| bytes from |em|+11 to |to|.
+     * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left.
+     * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|.
      * Otherwise leave |to| unchanged.
      * Copy the memory back in a way that does not reveal the size of
      * the data being copied via a timing side channel. This requires copying
@@ -150,16 +150,16 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
      * length. Clear bits do a non-copy with identical access pattern.
      * The loop below has overall complexity of O(N*log(N)).
      */
-    tlen = constant_time_select_int(constant_time_lt(num - 11, tlen),
-                                    num - 11, tlen);
-    for (msg_index = 1; msg_index < num - 11; msg_index <<= 1) {
-        mask = ~constant_time_eq(msg_index & (num - 11 - mlen), 0);
-        for (i = 11; i < num - msg_index; i++)
+    tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen),
+                                    num - RSA_PKCS1_PADDING_SIZE, tlen);
+    for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) {
+        mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0);
+        for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++)
             em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
     }
     for (i = 0; i < tlen; i++) {
         mask = good & constant_time_lt(i, mlen);
-        to[i] = constant_time_select_8(mask, em[i + 11], to[i]);
+        to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]);
     }
 
     OPENSSL_clear_free(em, num);
diff --git a/crypto/openssl/crypto/rsa/rsa_x931g.c b/crypto/openssl/crypto/rsa/rsa_x931g.c
index e7ac476bb4a4f..322cd14a840d6 100644
--- a/crypto/openssl/crypto/rsa/rsa_x931g.c
+++ b/crypto/openssl/crypto/rsa/rsa_x931g.c
@@ -12,7 +12,7 @@
 #include <time.h>
 #include <openssl/err.h>
 #include <openssl/bn.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 
 /* X9.31 RSA key derivation and generation */
 
diff --git a/crypto/openssl/crypto/s390x_arch.h b/crypto/openssl/crypto/s390x_arch.h
index 4a775a927db76..4d2cc02eb3d30 100644
--- a/crypto/openssl/crypto/s390x_arch.h
+++ b/crypto/openssl/crypto/s390x_arch.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef S390X_ARCH_H
-# define S390X_ARCH_H
+#ifndef OSSL_CRYPTO_S390X_ARCH_H
+# define OSSL_CRYPTO_S390X_ARCH_H
 
 # ifndef __ASSEMBLER__
 
diff --git a/crypto/openssl/crypto/s390xcpuid.pl b/crypto/openssl/crypto/s390xcpuid.pl
index ec700a47d98e9..5cbb962530c57 100755
--- a/crypto/openssl/crypto/s390xcpuid.pl
+++ b/crypto/openssl/crypto/s390xcpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -418,4 +418,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;	# force flush
+close STDOUT or die "error closing STDOUT: $!";	# force flush
diff --git a/crypto/openssl/crypto/seed/seed.c b/crypto/openssl/crypto/seed/seed.c
index d62da91edea68..c3a1f183a5cc3 100644
--- a/crypto/openssl/crypto/seed/seed.c
+++ b/crypto/openssl/crypto/seed/seed.c
@@ -42,7 +42,7 @@
 # endif
 
 # include <openssl/seed.h>
-# include "seed_locl.h"
+# include "seed_local.h"
 
 # ifdef SS                      /* can get defined on Solaris by inclusion of
                                  * <stdlib.h> */
diff --git a/crypto/openssl/crypto/seed/seed_locl.h b/crypto/openssl/crypto/seed/seed_local.h
index ac2950d97c2b3..e3681f8bd4555 100644
--- a/crypto/openssl/crypto/seed/seed_locl.h
+++ b/crypto/openssl/crypto/seed/seed_local.h
@@ -32,8 +32,8 @@
  * SUCH DAMAGE.
  *
  */
-#ifndef HEADER_SEED_LOCL_H
-# define HEADER_SEED_LOCL_H
+#ifndef OSSL_CRYPTO_SEED_LOCAL_H
+# define OSSL_CRYPTO_SEED_LOCAL_H
 
 # include "openssl/e_os2.h"
 # include <openssl/seed.h>
@@ -109,4 +109,4 @@ typedef unsigned int seed_word;
         (X1) ^= (T0);                            \
         (X2) ^= (T1)
 
-#endif                          /* HEADER_SEED_LOCL_H */
+#endif                          /* OSSL_CRYPTO_SEED_LOCAL_H */
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl b/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl
index cb8ccc90f5b93..39fe559e974b0 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-armv4.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1603,4 +1603,4 @@ foreach (split($/,$code)) {
 	print $_,"\n";
 }
 
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl b/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
index 3173c77f53631..ce5df4d6de1b3 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-armv8.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -877,4 +877,4 @@ foreach(split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-avx2.pl b/crypto/openssl/crypto/sha/asm/keccak1600-avx2.pl
index d9fc1c59ec29d..6104caf4ff1f3 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-avx2.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-avx2.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -479,4 +479,4 @@ ___
 $output=pop;
 open STDOUT,">$output";
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-avx512.pl b/crypto/openssl/crypto/sha/asm/keccak1600-avx512.pl
index 9074ff02dec33..6bfff78817569 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-avx512.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-avx512.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -548,4 +548,4 @@ ___
 $output=pop;
 open STDOUT,">$output";
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-avx512vl.pl b/crypto/openssl/crypto/sha/asm/keccak1600-avx512vl.pl
index a21bb8615a7cb..446706fc67d11 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-avx512vl.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-avx512vl.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -389,4 +389,4 @@ ___
 $output=pop;
 open STDOUT,">$output";
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-c64x.pl b/crypto/openssl/crypto/sha/asm/keccak1600-c64x.pl
index b00af9af91d84..4d1bbee2cfdd5 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-c64x.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-c64x.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -882,4 +882,4 @@ ___
 $output=pop;
 open STDOUT,">$output";
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-mmx.pl b/crypto/openssl/crypto/sha/asm/keccak1600-mmx.pl
index c7685add79dd8..353f1e147c3b7 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-mmx.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-mmx.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -30,7 +30,7 @@
 # produce worse code. On the other hand one can wonder why not 128-bit
 # SSE2? Well, SSE2 won't provide double improvement, rather far from
 # that, if any at all on some processors, because it will take extra
-# permutations and inter-bank data trasfers. Besides, contemporary
+# permutations and inter-bank data transfers. Besides, contemporary
 # CPUs are better off executing 64-bit code, and it makes lesser sense
 # to invest into fancy 32-bit code. And the decision doesn't seem to
 # be inadequate, if one compares below results to "64-bit platforms in
@@ -437,4 +437,4 @@ sub Rho() {				######### regular Rho step
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-ppc64.pl b/crypto/openssl/crypto/sha/asm/keccak1600-ppc64.pl
index 30e70c5d6d7b9..11b6329f09c0e 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-ppc64.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-ppc64.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -755,4 +755,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl b/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
index 1184cf233eba2..a7d819a590576 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-s390x.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -557,4 +557,4 @@ ___
 $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600-x86_64.pl b/crypto/openssl/crypto/sha/asm/keccak1600-x86_64.pl
index 42de5bf123447..b1a7e65e6baa4 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600-x86_64.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600-x86_64.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -44,7 +44,7 @@
 # Ryzen			8.8
 #
 # (*)	Corresponds to SHA3-256. Improvement over compiler-generate
-#	varies a lot, most commont coefficient is 15% in comparison to
+#	varies a lot, most common coefficient is 15% in comparison to
 #	gcc-5.x, 50% for gcc-4.x, 90% for gcc-3.x.
 # (**)	Sandy Bridge has broken rotate instruction. Performance can be
 #	improved by 14% by replacing rotates with double-precision
@@ -84,6 +84,7 @@ $code.=<<___;
 .type	__KeccakF1600,\@abi-omnipotent
 .align	32
 __KeccakF1600:
+.cfi_startproc
 	mov	$A[4][0](%rdi),@C[0]
 	mov	$A[4][1](%rdi),@C[1]
 	mov	$A[4][2](%rdi),@C[2]
@@ -342,6 +343,7 @@ $code.=<<___;
 
 	lea	-192($iotas),$iotas	# rewind iotas
 	ret
+.cfi_endproc
 .size	__KeccakF1600,.-__KeccakF1600
 
 .type	KeccakF1600,\@abi-omnipotent
@@ -604,4 +606,4 @@ foreach (split("\n",$code)) {
 	print $_, "\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/keccak1600p8-ppc.pl b/crypto/openssl/crypto/sha/asm/keccak1600p8-ppc.pl
index de2bcd660a092..c04c7deafeda0 100755
--- a/crypto/openssl/crypto/sha/asm/keccak1600p8-ppc.pl
+++ b/crypto/openssl/crypto/sha/asm/keccak1600p8-ppc.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -847,4 +847,4 @@ foreach  (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl
index 9d4ff7f39a52f..f7b85e6c6d7ef 100644
--- a/crypto/openssl/crypto/sha/asm/sha1-586.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -144,7 +144,7 @@ $ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32" &&
 		`ml 2>&1` =~ /Version ([0-9]+)\./ &&
 		$1>=10);	# first version supporting AVX
 
-$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/ &&
+$ymm=1 if ($xmm && !$ymm && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/ &&
 		$2>=3.0);	# first version supporting AVX
 
 $shaext=$xmm;	### set to zero if compiling for 1.0.1
@@ -1488,4 +1488,4 @@ sub Xtail_avx()
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-armv4-large.pl b/crypto/openssl/crypto/sha/asm/sha1-armv4-large.pl
index 7ff5bfbba6cbf..52d426bb29f8e 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-armv4-large.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-armv4-large.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -739,4 +739,4 @@ foreach (split($/,$code)) {
 	print $_,$/;
 }
 
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/sha/asm/sha1-armv8.pl b/crypto/openssl/crypto/sha/asm/sha1-armv8.pl
index 3ba871fedee65..aa44feb9c7c53 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-armv8.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -361,4 +361,4 @@ foreach(split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-c64xplus.pl b/crypto/openssl/crypto/sha/asm/sha1-c64xplus.pl
index 4db2bcb06b317..ceec503a9829e 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-c64xplus.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -334,4 +334,4 @@ $code.=<<___;
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-mb-x86_64.pl b/crypto/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
index 443b649830f45..a78266d62fc3d 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-mb-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -66,7 +66,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -1625,4 +1625,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-mips.pl b/crypto/openssl/crypto/sha/asm/sha1-mips.pl
index 08f84bc3b3d9b..c293cd3bfa4e6 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -458,4 +458,4 @@ $code.=<<___;
 .asciiz	"SHA1 for MIPS, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-parisc.pl b/crypto/openssl/crypto/sha/asm/sha1-parisc.pl
index b001be16a23cd..70ef7956abfa1 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-parisc.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -276,4 +276,4 @@ foreach(split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-ppc.pl b/crypto/openssl/crypto/sha/asm/sha1-ppc.pl
index 0cda0a3e15175..650a629120087 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-ppc.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -348,4 +348,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-s390x.pl b/crypto/openssl/crypto/sha/asm/sha1-s390x.pl
index 5729c30898771..653a6cb50a8a8 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-s390x.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -246,4 +246,4 @@ ___
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-sparcv9.pl b/crypto/openssl/crypto/sha/asm/sha1-sparcv9.pl
index 3e612e3d5f68f..8c23d85a3d09a 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-sparcv9.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -431,4 +431,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-sparcv9a.pl b/crypto/openssl/crypto/sha/asm/sha1-sparcv9a.pl
index 50d3e136a12db..4e90da4b8bc93 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-sparcv9a.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -605,4 +605,4 @@ $code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/
 		&unalignaddr($1,$2,$3,$4)
 	  /gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha1-thumb.pl b/crypto/openssl/crypto/sha/asm/sha1-thumb.pl
index ac74a25d6ead1..b53e0bee052d3 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-thumb.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-thumb.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -263,4 +263,4 @@ $code.=<<___;
 ___
 
 print $code;
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl b/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
index 60819f61867c5..0680d6d0a2b2a 100755
--- a/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
+++ b/crypto/openssl/crypto/sha/asm/sha1-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -119,7 +119,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([2-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -468,8 +468,8 @@ $code.=<<___ if ($win64);
 .Lepilogue_shaext:
 ___
 $code.=<<___;
-.cfi_endproc
 	ret
+.cfi_endproc
 .size	sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
 ___
 }}}
@@ -2129,4 +2129,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha256-586.pl b/crypto/openssl/crypto/sha/asm/sha256-586.pl
index dccc771ad584b..6989d59bd735e 100755
--- a/crypto/openssl/crypto/sha/asm/sha256-586.pl
+++ b/crypto/openssl/crypto/sha/asm/sha256-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -96,7 +96,7 @@ if ($xmm && !$avx && $ARGV[0] eq "win32" &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([3-9]\.[0-9]+)/) {
+if ($xmm && !$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -1293,4 +1293,4 @@ sub bodyx_00_15 () {			# +10%
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha256-armv4.pl b/crypto/openssl/crypto/sha/asm/sha256-armv4.pl
index edcfc31278e37..d120febb48329 100755
--- a/crypto/openssl/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/openssl/crypto/sha/asm/sha256-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -729,4 +729,4 @@ foreach (split($/,$code)) {
 	print $_,"\n";
 }
 
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/sha/asm/sha256-c64xplus.pl b/crypto/openssl/crypto/sha/asm/sha256-c64xplus.pl
index 3ab7d9b689463..b2d00e4fb1ab6 100755
--- a/crypto/openssl/crypto/sha/asm/sha256-c64xplus.pl
+++ b/crypto/openssl/crypto/sha/asm/sha256-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -317,4 +317,4 @@ K256:
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha256-mb-x86_64.pl b/crypto/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
index 73978dbd81d6b..81ac814effc46 100755
--- a/crypto/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/openssl/crypto/sha/asm/sha256-mb-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -67,7 +67,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -1611,4 +1611,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-586.pl b/crypto/openssl/crypto/sha/asm/sha512-586.pl
index 867ce30b97217..66b6e96f9ded4 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-586.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-586.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -922,4 +922,4 @@ sub BODY_00_15_ssse3 {		# "phase-less" copy of BODY_00_15_sse2
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-armv4.pl b/crypto/openssl/crypto/sha/asm/sha512-armv4.pl
index 0b4c5674d9df3..e9c5e0ce7687b 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-armv4.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -665,4 +665,4 @@ while(<SELF>) {
 close SELF;
 
 print $code;
-close STDOUT; # enforce flush
+close STDOUT or die "error closing STDOUT: $!"; # enforce flush
diff --git a/crypto/openssl/crypto/sha/asm/sha512-armv8.pl b/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
index 01ffe9f98c3ea..07dcba42dcf4c 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-armv8.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -902,4 +902,4 @@ foreach(split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-c64xplus.pl b/crypto/openssl/crypto/sha/asm/sha512-c64xplus.pl
index 9ebfc92e23ae7..4263fb1349aa5 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-c64xplus.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-c64xplus.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -435,4 +435,4 @@ K512:
 ___
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-mips.pl b/crypto/openssl/crypto/sha/asm/sha512-mips.pl
index dab684dde5bc7..15acd5308dda4 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-mips.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-mips.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2010-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -518,4 +518,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-parisc.pl b/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
index 59eb320ab6ed9..132f1db8eb9e7 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-parisc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -804,4 +804,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-ppc.pl b/crypto/openssl/crypto/sha/asm/sha512-ppc.pl
index 71699f6637064..265ecfa58c87f 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-ppc.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -796,4 +796,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-s390x.pl b/crypto/openssl/crypto/sha/asm/sha512-s390x.pl
index 4c0f4e79315b9..9752fed4ea264 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-s390x.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-s390x.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -321,4 +321,4 @@ $code =~ s/\`([^\`]*)\`/eval $1/gem;
 $code =~ s/(srlg\s+)(%r[0-9]+),/$1$2,$2,/gm;
 
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl b/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl
index c215909633aec..54429d34e3983 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-sparcv9.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -854,4 +854,4 @@ foreach (split("\n",$code)) {
 	print $_,"\n";
 }
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl b/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
index f2ebdfdb68b64..64ae641c14075 100755
--- a/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -135,7 +135,7 @@ if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
 	$avx = ($1>=10) + ($1>=11);
 }
 
-if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([3-9]\.[0-9]+)/) {
+if (!$avx && `$ENV{CC} -v 2>&1` =~ /((?:^clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) {
 	$avx = ($2>=3.0) + ($2>3.0);
 }
 
@@ -569,6 +569,7 @@ $code.=<<___;
 .align	64
 sha256_block_data_order_shaext:
 _shaext_shortcut:
+.cfi_startproc
 ___
 $code.=<<___ if ($win64);
 	lea	`-8-5*16`(%rsp),%rsp
@@ -712,6 +713,7 @@ $code.=<<___ if ($win64);
 ___
 $code.=<<___;
 	ret
+.cfi_endproc
 .size	sha256_block_data_order_shaext,.-sha256_block_data_order_shaext
 ___
 }}}
@@ -1992,7 +1994,23 @@ $code.=<<___;
 	vmovdqa	$t0,0x00(%rsp)
 	xor	$a1,$a1
 	vmovdqa	$t1,0x20(%rsp)
+___
+$code.=<<___ if (!$win64);
+# temporarily use %rdi as frame pointer
+	mov	$_rsp,%rdi
+.cfi_def_cfa	%rdi,8
+___
+$code.=<<___;
 	lea	-$PUSH8(%rsp),%rsp
+___
+$code.=<<___ if (!$win64);
+# the frame info is at $_rsp, but the stack is moving...
+# so a second frame pointer is saved at -8(%rsp)
+# that is in the red zone
+	mov	%rdi,-8(%rsp)
+.cfi_cfa_expression	%rsp-8,deref,+8
+___
+$code.=<<___;
 	mov	$B,$a3
 	vmovdqa	$t2,0x00(%rsp)
 	xor	$C,$a3			# magic
@@ -2012,7 +2030,18 @@ my @X = @_;
 my @insns = (&$body,&$body,&$body,&$body);	# 96 instructions
 my $base = "+2*$PUSH8(%rsp)";
 
-	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%2)==0);
+	if (($j%2)==0) {
+	&lea	("%rsp","-$PUSH8(%rsp)");
+$code.=<<___ if (!$win64);
+.cfi_cfa_expression	%rsp+`$PUSH8-8`,deref,+8
+# copy secondary frame pointer to new location again at -8(%rsp)
+	pushq	$PUSH8-8(%rsp)
+.cfi_cfa_expression	%rsp,deref,+8
+	lea	8(%rsp),%rsp
+.cfi_cfa_expression	%rsp-8,deref,+8
+___
+	}
+
 	foreach (Xupdate_256_AVX()) {		# 29 instructions
 	    eval;
 	    eval(shift(@insns));
@@ -2083,7 +2112,23 @@ $code.=<<___;
 	vmovdqa	$t2,0x40(%rsp)
 	vpaddq	0x40($Tbl),@X[6],$t2
 	vmovdqa	$t3,0x60(%rsp)
+___
+$code.=<<___ if (!$win64);
+# temporarily use %rdi as frame pointer
+	mov	$_rsp,%rdi
+.cfi_def_cfa	%rdi,8
+___
+$code.=<<___;
 	lea	-$PUSH8(%rsp),%rsp
+___
+$code.=<<___ if (!$win64);
+# the frame info is at $_rsp, but the stack is moving...
+# so a second frame pointer is saved at -8(%rsp)
+# that is in the red zone
+	mov	%rdi,-8(%rsp)
+.cfi_cfa_expression	%rsp-8,deref,+8
+___
+$code.=<<___;
 	vpaddq	0x60($Tbl),@X[7],$t3
 	vmovdqa	$t0,0x00(%rsp)
 	xor	$a1,$a1
@@ -2107,7 +2152,18 @@ my @X = @_;
 my @insns = (&$body,&$body);			# 48 instructions
 my $base = "+2*$PUSH8(%rsp)";
 
-	&lea	("%rsp","-$PUSH8(%rsp)")	if (($j%4)==0);
+	if (($j%4)==0) {
+	&lea	("%rsp","-$PUSH8(%rsp)");
+$code.=<<___ if (!$win64);
+.cfi_cfa_expression	%rsp+`$PUSH8-8`,deref,+8
+# copy secondary frame pointer to new location again at -8(%rsp)
+	pushq	$PUSH8-8(%rsp)
+.cfi_cfa_expression	%rsp,deref,+8
+	lea	8(%rsp),%rsp
+.cfi_cfa_expression	%rsp-8,deref,+8
+___
+	}
+
 	foreach (Xupdate_512_AVX()) {		# 23 instructions
 	    eval;
 	    if ($_ !~ /\;$/) {
@@ -2182,6 +2238,8 @@ $code.=<<___;
 	add	$a1,$A
 	#mov	`2*$SZ*$rounds+8`(%rsp),$inp	# $_inp
 	lea	`2*$SZ*($rounds-8)`(%rsp),%rsp
+# restore frame pointer to original location at $_rsp
+.cfi_cfa_expression	$_rsp,deref,+8
 
 	add	$SZ*0($ctx),$A
 	add	$SZ*1($ctx),$B
@@ -2207,22 +2265,24 @@ $code.=<<___;
 
 	jbe	.Loop_avx2
 	lea	(%rsp),$Tbl
+# temporarily use $Tbl as index to $_rsp
+# this avoids the need to save a secondary frame pointer at -8(%rsp)
+.cfi_cfa_expression	$Tbl+`16*$SZ+3*8`,deref,+8
 
 .Ldone_avx2:
-	lea	($Tbl),%rsp
-	mov	$_rsp,%rsi
+	mov	`16*$SZ+3*8`($Tbl),%rsi
 .cfi_def_cfa	%rsi,8
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
-	movaps	16*$SZ+32(%rsp),%xmm6
-	movaps	16*$SZ+48(%rsp),%xmm7
-	movaps	16*$SZ+64(%rsp),%xmm8
-	movaps	16*$SZ+80(%rsp),%xmm9
+	movaps	16*$SZ+32($Tbl),%xmm6
+	movaps	16*$SZ+48($Tbl),%xmm7
+	movaps	16*$SZ+64($Tbl),%xmm8
+	movaps	16*$SZ+80($Tbl),%xmm9
 ___
 $code.=<<___ if ($win64 && $SZ>4);
-	movaps	16*$SZ+96(%rsp),%xmm10
-	movaps	16*$SZ+112(%rsp),%xmm11
+	movaps	16*$SZ+96($Tbl),%xmm10
+	movaps	16*$SZ+112($Tbl),%xmm11
 ___
 $code.=<<___;
 	mov	-48(%rsi),%r15
@@ -2495,4 +2555,4 @@ foreach (split("\n",$code)) {
 
 	print $_,"\n";
 }
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl b/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
index 0d4fdd292c07a..3f202964261d1 100755
--- a/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
+++ b/crypto/openssl/crypto/sha/asm/sha512p8-ppc.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -417,4 +417,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/sha/sha1dgst.c b/crypto/openssl/crypto/sha/sha1dgst.c
index 819370e61540f..7965829e64b0b 100644
--- a/crypto/openssl/crypto/sha/sha1dgst.c
+++ b/crypto/openssl/crypto/sha/sha1dgst.c
@@ -14,4 +14,4 @@
 
 /* The implementation is in ../md32_common.h */
 
-# include "sha_locl.h"
+# include "sha_local.h"
diff --git a/crypto/openssl/crypto/sha/sha256.c b/crypto/openssl/crypto/sha/sha256.c
index bf78f075eefbc..11050ba547146 100644
--- a/crypto/openssl/crypto/sha/sha256.c
+++ b/crypto/openssl/crypto/sha/sha256.c
@@ -128,7 +128,7 @@ static
 #endif
 void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
 
-#include "internal/md32_common.h"
+#include "crypto/md32_common.h"
 
 #ifndef SHA256_ASM
 static const SHA_LONG K256[64] = {
diff --git a/crypto/openssl/crypto/sha/sha512.c b/crypto/openssl/crypto/sha/sha512.c
index 50b65ee811d66..ca1f387a64f8a 100644
--- a/crypto/openssl/crypto/sha/sha512.c
+++ b/crypto/openssl/crypto/sha/sha512.c
@@ -50,7 +50,7 @@
 #include <openssl/opensslv.h>
 
 #include "internal/cryptlib.h"
-#include "internal/sha.h"
+#include "crypto/sha.h"
 
 #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
diff --git a/crypto/openssl/crypto/sha/sha_locl.h b/crypto/openssl/crypto/sha/sha_local.h
index 4e5a090382678..6edb9ef1d27e5 100644
--- a/crypto/openssl/crypto/sha/sha_locl.h
+++ b/crypto/openssl/crypto/sha/sha_local.h
@@ -42,7 +42,7 @@ static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
 #endif
 
-#include "internal/md32_common.h"
+#include "crypto/md32_common.h"
 
 #define INIT_DATA_h0 0x67452301UL
 #define INIT_DATA_h1 0xefcdab89UL
diff --git a/crypto/openssl/crypto/siphash/siphash.c b/crypto/openssl/crypto/siphash/siphash.c
index be74a38d934df..07d94c1e6e59d 100644
--- a/crypto/openssl/crypto/siphash/siphash.c
+++ b/crypto/openssl/crypto/siphash/siphash.c
@@ -27,7 +27,7 @@
 #include <string.h>
 #include <openssl/crypto.h>
 
-#include "internal/siphash.h"
+#include "crypto/siphash.h"
 #include "siphash_local.h"
 
 /* default: SipHash-2-4 */
diff --git a/crypto/openssl/crypto/siphash/siphash_ameth.c b/crypto/openssl/crypto/siphash/siphash_ameth.c
index c0ab7efae4b6d..2da6dfec8025d 100644
--- a/crypto/openssl/crypto/siphash/siphash_ameth.c
+++ b/crypto/openssl/crypto/siphash/siphash_ameth.c
@@ -10,10 +10,10 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
-#include "internal/asn1_int.h"
-#include "internal/siphash.h"
+#include "crypto/asn1.h"
+#include "crypto/siphash.h"
 #include "siphash_local.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /*
  * SIPHASH "ASN1" method. This is just here to indicate the maximum
diff --git a/crypto/openssl/crypto/siphash/siphash_pmeth.c b/crypto/openssl/crypto/siphash/siphash_pmeth.c
index 66e552fec5e51..0c7d2c61902ca 100644
--- a/crypto/openssl/crypto/siphash/siphash_pmeth.c
+++ b/crypto/openssl/crypto/siphash/siphash_pmeth.c
@@ -13,9 +13,9 @@
 #include <openssl/x509v3.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
-#include "internal/siphash.h"
+#include "crypto/siphash.h"
 #include "siphash_local.h"
-#include "internal/evp_int.h"
+#include "crypto/evp.h"
 
 /* SIPHASH pkey context structure */
 
diff --git a/crypto/openssl/crypto/sm2/sm2_crypt.c b/crypto/openssl/crypto/sm2/sm2_crypt.c
index 4389fc731edd8..ef505f64412bd 100644
--- a/crypto/openssl/crypto/sm2/sm2_crypt.c
+++ b/crypto/openssl/crypto/sm2/sm2_crypt.c
@@ -9,9 +9,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "internal/sm2.h"
-#include "internal/sm2err.h"
-#include "internal/ec_int.h" /* ecdh_KDF_X9_63() */
+#include "crypto/sm2.h"
+#include "crypto/sm2err.h"
+#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/bn.h>
diff --git a/crypto/openssl/crypto/sm2/sm2_err.c b/crypto/openssl/crypto/sm2/sm2_err.c
index 653c6797f86f2..e5973e9c7140c 100644
--- a/crypto/openssl/crypto/sm2/sm2_err.c
+++ b/crypto/openssl/crypto/sm2/sm2_err.c
@@ -9,7 +9,7 @@
  */
 
 #include <openssl/err.h>
-#include "internal/sm2err.h"
+#include "crypto/sm2err.h"
 
 #ifndef OPENSSL_NO_ERR
 
diff --git a/crypto/openssl/crypto/sm2/sm2_pmeth.c b/crypto/openssl/crypto/sm2/sm2_pmeth.c
index d187699cc4117..b42a14c32f265 100644
--- a/crypto/openssl/crypto/sm2/sm2_pmeth.c
+++ b/crypto/openssl/crypto/sm2/sm2_pmeth.c
@@ -11,9 +11,9 @@
 #include <openssl/asn1t.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
-#include "internal/evp_int.h"
-#include "internal/sm2.h"
-#include "internal/sm2err.h"
+#include "crypto/evp.h"
+#include "crypto/sm2.h"
+#include "crypto/sm2err.h"
 
 /* EC pkey context structure */
 
@@ -220,6 +220,10 @@ static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         *(size_t *)p2 = smctx->id_len;
         return 1;
 
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        /* nothing to be inited, this is to suppress the error... */
+        return 1;
+
     default:
         return -2;
     }
diff --git a/crypto/openssl/crypto/sm2/sm2_sign.c b/crypto/openssl/crypto/sm2/sm2_sign.c
index 50ecb4d68cc65..683f03f93580a 100644
--- a/crypto/openssl/crypto/sm2/sm2_sign.c
+++ b/crypto/openssl/crypto/sm2/sm2_sign.c
@@ -9,9 +9,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "internal/sm2.h"
-#include "internal/sm2err.h"
-#include "internal/ec_int.h" /* ec_group_do_inverse_ord() */
+#include "crypto/sm2.h"
+#include "crypto/sm2err.h"
+#include "crypto/ec.h" /* ec_group_do_inverse_ord() */
 #include "internal/numbers.h"
 #include <openssl/err.h>
 #include <openssl/evp.h>
diff --git a/crypto/openssl/crypto/sm3/m_sm3.c b/crypto/openssl/crypto/sm3/m_sm3.c
index 85538dc8af06a..7e54f4298431c 100644
--- a/crypto/openssl/crypto/sm3/m_sm3.c
+++ b/crypto/openssl/crypto/sm3/m_sm3.c
@@ -12,8 +12,8 @@
 
 #ifndef OPENSSL_NO_SM3
 # include <openssl/evp.h>
-# include "internal/evp_int.h"
-# include "internal/sm3.h"
+# include "crypto/evp.h"
+# include "crypto/sm3.h"
 
 static int init(EVP_MD_CTX *ctx)
 {
diff --git a/crypto/openssl/crypto/sm3/sm3.c b/crypto/openssl/crypto/sm3/sm3.c
index 1588dd115aa28..d78292b4c5b7e 100644
--- a/crypto/openssl/crypto/sm3/sm3.c
+++ b/crypto/openssl/crypto/sm3/sm3.c
@@ -10,7 +10,7 @@
  */
 
 #include <openssl/e_os2.h>
-#include "sm3_locl.h"
+#include "sm3_local.h"
 
 int sm3_init(SM3_CTX *c)
 {
diff --git a/crypto/openssl/crypto/sm3/sm3_locl.h b/crypto/openssl/crypto/sm3/sm3_local.h
index efa6db57c6cdd..7171de510de3b 100644
--- a/crypto/openssl/crypto/sm3/sm3_locl.h
+++ b/crypto/openssl/crypto/sm3/sm3_local.h
@@ -10,7 +10,7 @@
  */
 
 #include <string.h>
-#include "internal/sm3.h"
+#include "crypto/sm3.h"
 
 #define DATA_ORDER_IS_BIG_ENDIAN
 
@@ -36,7 +36,7 @@
 
 void sm3_transform(SM3_CTX *c, const unsigned char *data);
 
-#include "internal/md32_common.h"
+#include "crypto/md32_common.h"
 
 #define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17))
 #define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23))
diff --git a/crypto/openssl/crypto/sm4/sm4.c b/crypto/openssl/crypto/sm4/sm4.c
index 0c819a4b68eb3..5750e763319a0 100644
--- a/crypto/openssl/crypto/sm4/sm4.c
+++ b/crypto/openssl/crypto/sm4/sm4.c
@@ -10,7 +10,7 @@
  */
 
 #include <openssl/e_os2.h>
-#include "internal/sm4.h"
+#include "crypto/sm4.h"
 
 static const uint8_t SM4_S[256] = {
     0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,
diff --git a/crypto/openssl/crypto/sparc_arch.h b/crypto/openssl/crypto/sparc_arch.h
index 99eafb331352e..c74063be2fa6a 100644
--- a/crypto/openssl/crypto/sparc_arch.h
+++ b/crypto/openssl/crypto/sparc_arch.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef __SPARC_ARCH_H__
-# define __SPARC_ARCH_H__
+#ifndef OSSL_CRYPTO_SPARC_ARCH_H
+# define OSSL_CRYPTO_SPARC_ARCH_H
 
 # define SPARCV9_TICK_PRIVILEGED (1<<0)
 # define SPARCV9_PREFER_FPU      (1<<1)
@@ -115,4 +115,4 @@
         mov     tmp, %o7;
 # endif
 
-#endif                          /* __SPARC_ARCH_H__ */
+#endif                          /* OSSL_CRYPTO_SPARC_ARCH_H */
diff --git a/crypto/openssl/crypto/sparcv9cap.c b/crypto/openssl/crypto/sparcv9cap.c
index c8c567536b33d..ff1a983ac98b4 100644
--- a/crypto/openssl/crypto/sparcv9cap.c
+++ b/crypto/openssl/crypto/sparcv9cap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -268,7 +268,7 @@ void OPENSSL_cpuid_setup(void)
 
     /*
      * In wait for better solution _sparcv9_rdcfr is masked by
-     * VIS3 flag, because it goes to uninterruptable endless
+     * VIS3 flag, because it goes to uninterruptible endless
      * loop on UltraSPARC II running Solaris. Things might be
      * different on Linux...
      */
diff --git a/crypto/openssl/crypto/srp/srp_lib.c b/crypto/openssl/crypto/srp/srp_lib.c
index ca20f6d097981..4f417de0c9897 100644
--- a/crypto/openssl/crypto/srp/srp_lib.c
+++ b/crypto/openssl/crypto/srp/srp_lib.c
@@ -16,7 +16,7 @@
 # include <openssl/sha.h>
 # include <openssl/srp.h>
 # include <openssl/evp.h>
-# include "internal/bn_srp.h"
+# include "crypto/bn_srp.h"
 
 /* calculate = SHA1(PAD(x) || PAD(y)) */
 
diff --git a/crypto/openssl/crypto/srp/srp_vfy.c b/crypto/openssl/crypto/srp/srp_vfy.c
index eb279dd4187a2..3dd2ab0507571 100644
--- a/crypto/openssl/crypto/srp/srp_vfy.c
+++ b/crypto/openssl/crypto/srp/srp_vfy.c
@@ -13,7 +13,7 @@
 
 #ifndef OPENSSL_NO_SRP
 # include "internal/cryptlib.h"
-# include "internal/evp_int.h"
+# include "crypto/evp.h"
 # include <openssl/sha.h>
 # include <openssl/srp.h>
 # include <openssl/evp.h>
diff --git a/crypto/openssl/crypto/store/loader_file.c b/crypto/openssl/crypto/store/loader_file.c
index 6f569ee62d71d..8f1d20e74aa4f 100644
--- a/crypto/openssl/crypto/store/loader_file.c
+++ b/crypto/openssl/crypto/store/loader_file.c
@@ -24,12 +24,12 @@
 #include <openssl/store.h>
 #include <openssl/ui.h>
 #include <openssl/x509.h>        /* For the PKCS8 stuff o.O */
-#include "internal/asn1_int.h"
-#include "internal/ctype.h"
+#include "crypto/asn1.h"
+#include "crypto/ctype.h"
 #include "internal/o_dir.h"
 #include "internal/cryptlib.h"
-#include "internal/store_int.h"
-#include "store_locl.h"
+#include "crypto/store.h"
+#include "store_local.h"
 
 #ifdef _WIN32
 # define stat    _stat
diff --git a/crypto/openssl/crypto/store/store_init.c b/crypto/openssl/crypto/store/store_init.c
index b398bf598ff6d..0103c8db8aaf5 100644
--- a/crypto/openssl/crypto/store/store_init.c
+++ b/crypto/openssl/crypto/store/store_init.c
@@ -8,8 +8,8 @@
  */
 
 #include <openssl/err.h>
-#include "internal/store.h"
-#include "store_locl.h"
+#include "crypto/store.h"
+#include "store_local.h"
 
 static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
 DEFINE_RUN_ONCE_STATIC(do_store_init)
diff --git a/crypto/openssl/crypto/store/store_lib.c b/crypto/openssl/crypto/store/store_lib.c
index 7de2e31f556f7..fb8184d2d9b54 100644
--- a/crypto/openssl/crypto/store/store_lib.c
+++ b/crypto/openssl/crypto/store/store_lib.c
@@ -18,8 +18,8 @@
 #include <openssl/err.h>
 #include <openssl/store.h>
 #include "internal/thread_once.h"
-#include "internal/store_int.h"
-#include "store_locl.h"
+#include "crypto/store.h"
+#include "store_local.h"
 
 struct ossl_store_ctx_st {
     const OSSL_STORE_LOADER *loader;
diff --git a/crypto/openssl/crypto/store/store_locl.h b/crypto/openssl/crypto/store/store_local.h
index 369dcb33f2d61..369dcb33f2d61 100644
--- a/crypto/openssl/crypto/store/store_locl.h
+++ b/crypto/openssl/crypto/store/store_local.h
diff --git a/crypto/openssl/crypto/store/store_register.c b/crypto/openssl/crypto/store/store_register.c
index e68cb3c568537..3631d9b506346 100644
--- a/crypto/openssl/crypto/store/store_register.c
+++ b/crypto/openssl/crypto/store/store_register.c
@@ -8,12 +8,12 @@
  */
 
 #include <string.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <assert.h>
 
 #include <openssl/err.h>
 #include <openssl/lhash.h>
-#include "store_locl.h"
+#include "store_local.h"
 
 static CRYPTO_RWLOCK *registry_lock;
 static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT;
diff --git a/crypto/openssl/crypto/threads_none.c b/crypto/openssl/crypto/threads_none.c
index aabf0e0dc090b..aaaaae872a9b0 100644
--- a/crypto/openssl/crypto/threads_none.c
+++ b/crypto/openssl/crypto/threads_none.c
@@ -143,7 +143,7 @@ int openssl_get_fork_id(void)
 # if defined(OPENSSL_SYS_UNIX)
     return getpid();
 # else
-    return return 0;
+    return 0;
 # endif
 }
 #endif
diff --git a/crypto/openssl/crypto/ts/ts_asn1.c b/crypto/openssl/crypto/ts/ts_asn1.c
index 8707207082c9a..2840f5858acbf 100644
--- a/crypto/openssl/crypto/ts/ts_asn1.c
+++ b/crypto/openssl/crypto/ts/ts_asn1.c
@@ -10,7 +10,7 @@
 #include <openssl/ts.h>
 #include <openssl/err.h>
 #include <openssl/asn1t.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
         ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
diff --git a/crypto/openssl/crypto/ts/ts_lib.c b/crypto/openssl/crypto/ts/ts_lib.c
index ce2e12c593e06..bfe981364b03f 100644
--- a/crypto/openssl/crypto/ts/ts_lib.c
+++ b/crypto/openssl/crypto/ts/ts_lib.c
@@ -14,7 +14,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
 {
diff --git a/crypto/openssl/crypto/ts/ts_lcl.h b/crypto/openssl/crypto/ts/ts_local.h
index 771784fef7c8d..771784fef7c8d 100644
--- a/crypto/openssl/crypto/ts/ts_lcl.h
+++ b/crypto/openssl/crypto/ts/ts_local.h
diff --git a/crypto/openssl/crypto/ts/ts_req_print.c b/crypto/openssl/crypto/ts/ts_req_print.c
index 0dedf47d924b1..4eba5cf0181c4 100644
--- a/crypto/openssl/crypto/ts/ts_req_print.c
+++ b/crypto/openssl/crypto/ts/ts_req_print.c
@@ -13,7 +13,7 @@
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
 {
diff --git a/crypto/openssl/crypto/ts/ts_req_utils.c b/crypto/openssl/crypto/ts/ts_req_utils.c
index 2073d3395d75e..a4568e3b779d8 100644
--- a/crypto/openssl/crypto/ts/ts_req_utils.c
+++ b/crypto/openssl/crypto/ts/ts_req_utils.c
@@ -12,7 +12,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 int TS_REQ_set_version(TS_REQ *a, long version)
 {
diff --git a/crypto/openssl/crypto/ts/ts_rsp_print.c b/crypto/openssl/crypto/ts/ts_rsp_print.c
index 6eb0ec8d7504b..a2451aaa8d810 100644
--- a/crypto/openssl/crypto/ts/ts_rsp_print.c
+++ b/crypto/openssl/crypto/ts/ts_rsp_print.c
@@ -13,7 +13,7 @@
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 struct status_map_st {
     int bit;
diff --git a/crypto/openssl/crypto/ts/ts_rsp_sign.c b/crypto/openssl/crypto/ts/ts_rsp_sign.c
index 1b2b84ef6b67d..a584ae5f5edde 100644
--- a/crypto/openssl/crypto/ts/ts_rsp_sign.c
+++ b/crypto/openssl/crypto/ts/ts_rsp_sign.c
@@ -14,7 +14,7 @@
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
 #include <openssl/crypto.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
 static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
diff --git a/crypto/openssl/crypto/ts/ts_rsp_utils.c b/crypto/openssl/crypto/ts/ts_rsp_utils.c
index 3ecee39a22c21..3fa0dbd0f09ee 100644
--- a/crypto/openssl/crypto/ts/ts_rsp_utils.c
+++ b/crypto/openssl/crypto/ts/ts_rsp_utils.c
@@ -12,7 +12,7 @@
 #include <openssl/objects.h>
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
 {
diff --git a/crypto/openssl/crypto/ts/ts_rsp_verify.c b/crypto/openssl/crypto/ts/ts_rsp_verify.c
index 9deda81b07fb8..086021247c01c 100644
--- a/crypto/openssl/crypto/ts/ts_rsp_verify.c
+++ b/crypto/openssl/crypto/ts/ts_rsp_verify.c
@@ -12,7 +12,7 @@
 #include <openssl/objects.h>
 #include <openssl/ts.h>
 #include <openssl/pkcs7.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
                           X509 *signer, STACK_OF(X509) **chain);
diff --git a/crypto/openssl/crypto/ts/ts_verify_ctx.c b/crypto/openssl/crypto/ts/ts_verify_ctx.c
index d4792ee04f597..1e80e0d370296 100644
--- a/crypto/openssl/crypto/ts/ts_verify_ctx.c
+++ b/crypto/openssl/crypto/ts/ts_verify_ctx.c
@@ -10,7 +10,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/objects.h>
 #include <openssl/ts.h>
-#include "ts_lcl.h"
+#include "ts_local.h"
 
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
diff --git a/crypto/openssl/crypto/ui/ui_lib.c b/crypto/openssl/crypto/ui/ui_lib.c
index f550972d3eec5..49cc45057c4cf 100644
--- a/crypto/openssl/crypto/ui/ui_lib.c
+++ b/crypto/openssl/crypto/ui/ui_lib.c
@@ -13,7 +13,7 @@
 #include <openssl/buffer.h>
 #include <openssl/ui.h>
 #include <openssl/err.h>
-#include "ui_locl.h"
+#include "ui_local.h"
 
 UI *UI_new(void)
 {
diff --git a/crypto/openssl/crypto/ui/ui_locl.h b/crypto/openssl/crypto/ui/ui_local.h
index 19b33b8fc6776..8a7dbda147216 100644
--- a/crypto/openssl/crypto/ui/ui_locl.h
+++ b/crypto/openssl/crypto/ui/ui_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_UI_LOCL_H
-# define HEADER_UI_LOCL_H
+#ifndef OSSL_CRYPTO_UI_LOCAL_H
+# define OSSL_CRYPTO_UI_LOCAL_H
 
 # include <openssl/ui.h>
 # include <openssl/crypto.h>
diff --git a/crypto/openssl/crypto/ui/ui_null.c b/crypto/openssl/crypto/ui/ui_null.c
index 9e5f6fca59e58..9ab00e0a7cb8b 100644
--- a/crypto/openssl/crypto/ui/ui_null.c
+++ b/crypto/openssl/crypto/ui/ui_null.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ui_locl.h"
+#include "ui_local.h"
 
 static const UI_METHOD ui_null = {
     "OpenSSL NULL UI",
diff --git a/crypto/openssl/crypto/ui/ui_openssl.c b/crypto/openssl/crypto/ui/ui_openssl.c
index 0ec9f0daf333e..168de4630dcc0 100644
--- a/crypto/openssl/crypto/ui/ui_openssl.c
+++ b/crypto/openssl/crypto/ui/ui_openssl.c
@@ -53,7 +53,7 @@
 #  endif
 # endif
 
-# include "ui_locl.h"
+# include "ui_local.h"
 # include "internal/cryptlib.h"
 
 # ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
diff --git a/crypto/openssl/crypto/ui/ui_util.c b/crypto/openssl/crypto/ui/ui_util.c
index b379324f9bab3..32a3c4e38de2c 100644
--- a/crypto/openssl/crypto/ui/ui_util.c
+++ b/crypto/openssl/crypto/ui/ui_util.c
@@ -8,8 +8,9 @@
  */
 
 #include <string.h>
+#include <openssl/pem.h>         /* PEM_def_callback() */
 #include "internal/thread_once.h"
-#include "ui_locl.h"
+#include "ui_local.h"
 
 #ifndef BUFSIZ
 #define BUFSIZ 256
@@ -156,7 +157,7 @@ UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
         return NULL;
     }
     data->rwflag = rwflag;
-    data->cb = cb;
+    data->cb = cb != NULL ? cb : PEM_def_callback;
 
     return ui_method;
 }
diff --git a/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl b/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl
index 2241c6f0f24e6..176be50a67f21 100755
--- a/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl
+++ b/crypto/openssl/crypto/whrlpool/asm/wp-mmx.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -69,19 +69,19 @@ sub LL()
 					unshift(@_,pop(@_));
 				  }
 				}
-	else			{ die "unvalid SCALE value"; }
+	else			{ die "invalid SCALE value"; }
 }
 
 sub scale()
 {	if	($SCALE==2)	{ &lea(@_[0],&DWP(0,@_[1],@_[1])); }
 	elsif	($SCALE==8)	{ &lea(@_[0],&DWP(0,"",@_[1],8));  }
-	else			{ die "unvalid SCALE value";       }
+	else			{ die "invalid SCALE value";       }
 }
 
 sub row()
 {	if	($SCALE==2)	{ ((8-shift)&7); }
 	elsif	($SCALE==8)	{ (8*shift);     }
-	else			{ die "unvalid SCALE value"; }
+	else			{ die "invalid SCALE value"; }
 }
 
 $tbl="ebp";
@@ -504,4 +504,4 @@ for($i=0;$i<8;$i++) {
 &function_end_B("whirlpool_block_mmx");
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/whrlpool/asm/wp-x86_64.pl b/crypto/openssl/crypto/whrlpool/asm/wp-x86_64.pl
index fe23d8cad00ba..b4fcd8be3c756 100755
--- a/crypto/openssl/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/crypto/openssl/crypto/whrlpool/asm/wp-x86_64.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -614,4 +614,4 @@ ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/crypto/whrlpool/wp_block.c b/crypto/openssl/crypto/whrlpool/wp_block.c
index 2ae5c38aba63e..c21c04dbc1bbf 100644
--- a/crypto/openssl/crypto/whrlpool/wp_block.c
+++ b/crypto/openssl/crypto/whrlpool/wp_block.c
@@ -36,7 +36,7 @@
  *
  */
 
-#include "wp_locl.h"
+#include "wp_local.h"
 #include <string.h>
 
 typedef unsigned char u8;
diff --git a/crypto/openssl/crypto/whrlpool/wp_dgst.c b/crypto/openssl/crypto/whrlpool/wp_dgst.c
index 1ac29803a4d6a..e8a3392268aa3 100644
--- a/crypto/openssl/crypto/whrlpool/wp_dgst.c
+++ b/crypto/openssl/crypto/whrlpool/wp_dgst.c
@@ -53,7 +53,7 @@
  */
 
 #include <openssl/crypto.h>
-#include "wp_locl.h"
+#include "wp_local.h"
 #include <string.h>
 
 int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
diff --git a/crypto/openssl/crypto/whrlpool/wp_locl.h b/crypto/openssl/crypto/whrlpool/wp_local.h
index 3a81cfd58c1a6..3a81cfd58c1a6 100644
--- a/crypto/openssl/crypto/whrlpool/wp_locl.h
+++ b/crypto/openssl/crypto/whrlpool/wp_local.h
diff --git a/crypto/openssl/crypto/x509/by_dir.c b/crypto/openssl/crypto/x509/by_dir.c
index b691a83a0dfbd..238c2519a6e2d 100644
--- a/crypto/openssl/crypto/x509/by_dir.c
+++ b/crypto/openssl/crypto/x509/by_dir.c
@@ -19,8 +19,8 @@
 #endif
 
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
-#include "x509_lcl.h"
+#include "crypto/x509.h"
+#include "x509_local.h"
 
 struct lookup_dir_hashes_st {
     unsigned long hash;
diff --git a/crypto/openssl/crypto/x509/by_file.c b/crypto/openssl/crypto/x509/by_file.c
index 244512c9352b3..237b362e27462 100644
--- a/crypto/openssl/crypto/x509/by_file.c
+++ b/crypto/openssl/crypto/x509/by_file.c
@@ -15,7 +15,7 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
                         long argl, char **ret);
diff --git a/crypto/openssl/crypto/x509/t_x509.c b/crypto/openssl/crypto/x509/t_x509.c
index ccacbe7cbf8f4..12d807f705ede 100644
--- a/crypto/openssl/crypto/x509/t_x509.c
+++ b/crypto/openssl/crypto/x509/t_x509.c
@@ -14,7 +14,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 
 #ifndef OPENSSL_NO_STDIO
 int X509_print_fp(FILE *fp, X509 *x)
diff --git a/crypto/openssl/crypto/x509/x509_att.c b/crypto/openssl/crypto/x509/x509_att.c
index 3c4566d2e708e..651aa78083093 100644
--- a/crypto/openssl/crypto/x509/x509_att.c
+++ b/crypto/openssl/crypto/x509/x509_att.c
@@ -15,7 +15,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c
index 833bfce1bf23a..e06489c3347b9 100644
--- a/crypto/openssl/crypto/x509/x509_cmp.c
+++ b/crypto/openssl/crypto/x509/x509_cmp.c
@@ -13,7 +13,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
diff --git a/crypto/openssl/crypto/x509/x509_ext.c b/crypto/openssl/crypto/x509/x509_ext.c
index 2db843760c689..4cdab724eadf0 100644
--- a/crypto/openssl/crypto/x509/x509_ext.c
+++ b/crypto/openssl/crypto/x509/x509_ext.c
@@ -13,7 +13,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/x509v3.h>
 
 int X509_CRL_get_ext_count(const X509_CRL *x)
diff --git a/crypto/openssl/crypto/x509/x509_lcl.h b/crypto/openssl/crypto/x509/x509_local.h
index c517a77456371..c517a77456371 100644
--- a/crypto/openssl/crypto/x509/x509_lcl.h
+++ b/crypto/openssl/crypto/x509/x509_local.h
diff --git a/crypto/openssl/crypto/x509/x509_lu.c b/crypto/openssl/crypto/x509/x509_lu.c
index b7d2e66574c45..641a41c35c784 100644
--- a/crypto/openssl/crypto/x509/x509_lu.c
+++ b/crypto/openssl/crypto/x509/x509_lu.c
@@ -11,9 +11,9 @@
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/x509v3.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 {
diff --git a/crypto/openssl/crypto/x509/x509_meth.c b/crypto/openssl/crypto/x509/x509_meth.c
index 9dc587a092124..9348cc8eb788a 100644
--- a/crypto/openssl/crypto/x509/x509_meth.c
+++ b/crypto/openssl/crypto/x509/x509_meth.c
@@ -15,7 +15,7 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 #include <openssl/ossl_typ.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
 {
diff --git a/crypto/openssl/crypto/x509/x509_obj.c b/crypto/openssl/crypto/x509/x509_obj.c
index 85c39415c11e9..f54d483cc4ddc 100644
--- a/crypto/openssl/crypto/x509/x509_obj.c
+++ b/crypto/openssl/crypto/x509/x509_obj.c
@@ -12,7 +12,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/buffer.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 /*
  * Limit to ensure we don't overflow: much greater than
diff --git a/crypto/openssl/crypto/x509/x509_r2x.c b/crypto/openssl/crypto/x509/x509_r2x.c
index 3d72787d3164d..6b1623feacb71 100644
--- a/crypto/openssl/crypto/x509/x509_r2x.c
+++ b/crypto/openssl/crypto/x509/x509_r2x.c
@@ -13,7 +13,7 @@
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 
diff --git a/crypto/openssl/crypto/x509/x509_req.c b/crypto/openssl/crypto/x509/x509_req.c
index 0bdbb81db894d..7ba0f26495f97 100644
--- a/crypto/openssl/crypto/x509/x509_req.c
+++ b/crypto/openssl/crypto/x509/x509_req.c
@@ -14,7 +14,7 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/objects.h>
 #include <openssl/buffer.h>
 #include <openssl/pem.h>
diff --git a/crypto/openssl/crypto/x509/x509_set.c b/crypto/openssl/crypto/x509/x509_set.c
index 3ab6bf35115ff..164b4e2be136a 100644
--- a/crypto/openssl/crypto/x509/x509_set.c
+++ b/crypto/openssl/crypto/x509/x509_set.c
@@ -15,9 +15,9 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/asn1_int.h"
-#include "internal/x509_int.h"
-#include "x509_lcl.h"
+#include "crypto/asn1.h"
+#include "crypto/x509.h"
+#include "x509_local.h"
 
 int X509_set_version(X509 *x, long version)
 {
diff --git a/crypto/openssl/crypto/x509/x509_trs.c b/crypto/openssl/crypto/x509/x509_trs.c
index d749af4d590a6..9e199d63e46a3 100644
--- a/crypto/openssl/crypto/x509/x509_trs.c
+++ b/crypto/openssl/crypto/x509/x509_trs.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
 static void trtable_free(X509_TRUST *p);
diff --git a/crypto/openssl/crypto/x509/x509_v3.c b/crypto/openssl/crypto/x509/x509_v3.c
index 75ae767d608c9..c7876023304ca 100644
--- a/crypto/openssl/crypto/x509/x509_v3.c
+++ b/crypto/openssl/crypto/x509/x509_v3.c
@@ -15,7 +15,7 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
diff --git a/crypto/openssl/crypto/x509/x509_vfy.c b/crypto/openssl/crypto/x509/x509_vfy.c
index 6be2c71e8692b..361954c62ee78 100644
--- a/crypto/openssl/crypto/x509/x509_vfy.c
+++ b/crypto/openssl/crypto/x509/x509_vfy.c
@@ -12,7 +12,7 @@
 #include <errno.h>
 #include <limits.h>
 
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
@@ -22,8 +22,8 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 #include "internal/dane.h"
-#include "internal/x509_int.h"
-#include "x509_lcl.h"
+#include "crypto/x509.h"
+#include "x509_local.h"
 
 /* CRL score values */
 
diff --git a/crypto/openssl/crypto/x509/x509_vpm.c b/crypto/openssl/crypto/x509/x509_vpm.c
index aea186295c2a0..68b681d5ee854 100644
--- a/crypto/openssl/crypto/x509/x509_vpm.c
+++ b/crypto/openssl/crypto/x509/x509_vpm.c
@@ -14,9 +14,9 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 /* X509_VERIFY_PARAM functions */
 
diff --git a/crypto/openssl/crypto/x509/x509cset.c b/crypto/openssl/crypto/x509/x509cset.c
index 7645ce3759706..6c08509138d5f 100644
--- a/crypto/openssl/crypto/x509/x509cset.c
+++ b/crypto/openssl/crypto/x509/x509cset.c
@@ -14,7 +14,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 int X509_CRL_set_version(X509_CRL *x, long version)
 {
diff --git a/crypto/openssl/crypto/x509/x509name.c b/crypto/openssl/crypto/x509/x509name.c
index 64a73e793fdf5..c86d8e7914f11 100644
--- a/crypto/openssl/crypto/x509/x509name.c
+++ b/crypto/openssl/crypto/x509/x509name.c
@@ -14,7 +14,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 {
diff --git a/crypto/openssl/crypto/x509/x509rset.c b/crypto/openssl/crypto/x509/x509rset.c
index e8921b82a8386..9da3f2ee27dfd 100644
--- a/crypto/openssl/crypto/x509/x509rset.c
+++ b/crypto/openssl/crypto/x509/x509rset.c
@@ -13,7 +13,7 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 int X509_REQ_set_version(X509_REQ *x, long version)
 {
diff --git a/crypto/openssl/crypto/x509/x_all.c b/crypto/openssl/crypto/x509/x_all.c
index 24e4114601cae..6cccfa99d1a62 100644
--- a/crypto/openssl/crypto/x509/x_all.c
+++ b/crypto/openssl/crypto/x509/x_all.c
@@ -13,7 +13,7 @@
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/ocsp.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
diff --git a/crypto/openssl/crypto/x509/x_attrib.c b/crypto/openssl/crypto/x509/x_attrib.c
index 9a41e547cb2ee..813c5b01c3aeb 100644
--- a/crypto/openssl/crypto/x509/x_attrib.c
+++ b/crypto/openssl/crypto/x509/x_attrib.c
@@ -12,7 +12,7 @@
 #include <openssl/objects.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 /*-
  * X509_ATTRIBUTE: this has the following form:
diff --git a/crypto/openssl/crypto/x509/x_crl.c b/crypto/openssl/crypto/x509/x_crl.c
index 12ab3cca42c05..e864126fef372 100644
--- a/crypto/openssl/crypto/x509/x_crl.c
+++ b/crypto/openssl/crypto/x509/x_crl.c
@@ -11,9 +11,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/x509v3.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
                             const X509_REVOKED *const *b);
diff --git a/crypto/openssl/crypto/x509/x_exten.c b/crypto/openssl/crypto/x509/x_exten.c
index f10f4a4d87698..bd7518ef12bfc 100644
--- a/crypto/openssl/crypto/x509/x_exten.c
+++ b/crypto/openssl/crypto/x509/x_exten.c
@@ -11,7 +11,7 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
-#include "x509_lcl.h"
+#include "x509_local.h"
 
 ASN1_SEQUENCE(X509_EXTENSION) = {
         ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
diff --git a/crypto/openssl/crypto/x509/x_name.c b/crypto/openssl/crypto/x509/x_name.c
index a1e9bbdb669d0..aa7f4722b6b9e 100644
--- a/crypto/openssl/crypto/x509/x_name.c
+++ b/crypto/openssl/crypto/x509/x_name.c
@@ -8,13 +8,13 @@
  */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
-#include "internal/asn1_int.h"
-#include "x509_lcl.h"
+#include "crypto/x509.h"
+#include "crypto/asn1.h"
+#include "x509_local.h"
 
 /*
  * Maximum length of X509_NAME: much larger than anything we should
diff --git a/crypto/openssl/crypto/x509/x_pubkey.c b/crypto/openssl/crypto/x509/x_pubkey.c
index 1c87b8268eb57..4f694b93fb003 100644
--- a/crypto/openssl/crypto/x509/x_pubkey.c
+++ b/crypto/openssl/crypto/x509/x_pubkey.c
@@ -11,9 +11,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "internal/x509_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "crypto/x509.h"
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 
diff --git a/crypto/openssl/crypto/x509/x_req.c b/crypto/openssl/crypto/x509/x_req.c
index c2da95a73ecf7..d2b02f6dae86d 100644
--- a/crypto/openssl/crypto/x509/x_req.c
+++ b/crypto/openssl/crypto/x509/x_req.c
@@ -11,7 +11,7 @@
 #include "internal/cryptlib.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 /*-
  * X509_REQ_INFO is handled in an unusual way to get round
diff --git a/crypto/openssl/crypto/x509/x_x509.c b/crypto/openssl/crypto/x509/x_x509.c
index afe59c46c5188..7aa8b77ae73a2 100644
--- a/crypto/openssl/crypto/x509/x_x509.c
+++ b/crypto/openssl/crypto/x509/x_x509.c
@@ -13,7 +13,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
         ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
diff --git a/crypto/openssl/crypto/x509/x_x509a.c b/crypto/openssl/crypto/x509/x_x509a.c
index 8c9ad71d1b292..c5175faef7afa 100644
--- a/crypto/openssl/crypto/x509/x_x509a.c
+++ b/crypto/openssl/crypto/x509/x_x509a.c
@@ -12,7 +12,7 @@
 #include <openssl/evp.h>
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
 /*
  * X509_CERT_AUX routines. These are used to encode additional user
diff --git a/crypto/openssl/crypto/x509v3/pcy_cache.c b/crypto/openssl/crypto/x509v3/pcy_cache.c
index 623870b1f6f5c..04401bace8c58 100644
--- a/crypto/openssl/crypto/x509v3/pcy_cache.c
+++ b/crypto/openssl/crypto/x509v3/pcy_cache.c
@@ -10,9 +10,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 
 static int policy_data_cmp(const X509_POLICY_DATA *const *a,
                            const X509_POLICY_DATA *const *b);
diff --git a/crypto/openssl/crypto/x509v3/pcy_data.c b/crypto/openssl/crypto/x509v3/pcy_data.c
index bd3bb0e40dfe6..0735059513220 100644
--- a/crypto/openssl/crypto/x509v3/pcy_data.c
+++ b/crypto/openssl/crypto/x509v3/pcy_data.c
@@ -11,7 +11,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 
 /* Policy Node routines */
 
diff --git a/crypto/openssl/crypto/x509v3/pcy_lib.c b/crypto/openssl/crypto/x509v3/pcy_lib.c
index 67f7eafc6e8d2..2e196b838ca26 100644
--- a/crypto/openssl/crypto/x509v3/pcy_lib.c
+++ b/crypto/openssl/crypto/x509v3/pcy_lib.c
@@ -11,7 +11,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 
 /* accessor functions */
 
diff --git a/crypto/openssl/crypto/x509v3/pcy_int.h b/crypto/openssl/crypto/x509v3/pcy_local.h
index 5daf78de45850..5daf78de45850 100644
--- a/crypto/openssl/crypto/x509v3/pcy_int.h
+++ b/crypto/openssl/crypto/x509v3/pcy_local.h
diff --git a/crypto/openssl/crypto/x509v3/pcy_map.c b/crypto/openssl/crypto/x509v3/pcy_map.c
index ab9dd21b7d939..ae2a62c977870 100644
--- a/crypto/openssl/crypto/x509v3/pcy_map.c
+++ b/crypto/openssl/crypto/x509v3/pcy_map.c
@@ -10,9 +10,9 @@
 #include "internal/cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 
 /*
  * Set policy mapping entries in cache. Note: this modifies the passed
diff --git a/crypto/openssl/crypto/x509v3/pcy_node.c b/crypto/openssl/crypto/x509v3/pcy_node.c
index 1ffe98498bdb4..e2d7b15322363 100644
--- a/crypto/openssl/crypto/x509v3/pcy_node.c
+++ b/crypto/openssl/crypto/x509v3/pcy_node.c
@@ -12,7 +12,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/err.h>
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 
 static int node_cmp(const X509_POLICY_NODE *const *a,
                     const X509_POLICY_NODE *const *b)
diff --git a/crypto/openssl/crypto/x509v3/pcy_tree.c b/crypto/openssl/crypto/x509v3/pcy_tree.c
index 87f51d001bbbc..6e8322cbc5e38 100644
--- a/crypto/openssl/crypto/x509v3/pcy_tree.c
+++ b/crypto/openssl/crypto/x509v3/pcy_tree.c
@@ -11,7 +11,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 
 /*
  * Enable this to print out the complete policy tree at various point during
diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/openssl/crypto/x509v3/v3_addr.c
index bb58e0484611a..4258dbc40c0f2 100644
--- a/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/crypto/openssl/crypto/x509v3/v3_addr.c
@@ -20,7 +20,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/buffer.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include "ext_dat.h"
 
 #ifndef OPENSSL_NO_RFC3779
diff --git a/crypto/openssl/crypto/x509v3/v3_admis.h b/crypto/openssl/crypto/x509v3/v3_admis.h
index fa23fc761759f..ea7632b3708d0 100644
--- a/crypto/openssl/crypto/x509v3/v3_admis.h
+++ b/crypto/openssl/crypto/x509v3/v3_admis.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_V3_ADMISSION_H
-# define HEADER_V3_ADMISSION_H
+#ifndef OSSL_CRYPTO_X509V3_V3_ADMIS_H
+# define OSSL_CRYPTO_X509V3_V3_ADMIS_H
 
 struct NamingAuthority_st {
     ASN1_OBJECT* namingAuthorityId;
diff --git a/crypto/openssl/crypto/x509v3/v3_alt.c b/crypto/openssl/crypto/x509v3/v3_alt.c
index dfcb9094f4fc9..7ac2911b91af0 100644
--- a/crypto/openssl/crypto/x509v3/v3_alt.c
+++ b/crypto/openssl/crypto/x509v3/v3_alt.c
@@ -52,11 +52,24 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 {
     int i;
     GENERAL_NAME *gen;
+    STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret;
+
     for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
         gen = sk_GENERAL_NAME_value(gens, i);
-        ret = i2v_GENERAL_NAME(method, gen, ret);
+        /*
+         * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes
+         * wrong we need to free the stack - but only if it was empty when we
+         * originally entered this function.
+         */
+        tmpret = i2v_GENERAL_NAME(method, gen, ret);
+        if (tmpret == NULL) {
+            if (origret == NULL)
+                sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
+            return NULL;
+        }
+        ret = tmpret;
     }
-    if (!ret)
+    if (ret == NULL)
         return sk_CONF_VALUE_new_null();
     return ret;
 }
diff --git a/crypto/openssl/crypto/x509v3/v3_asid.c b/crypto/openssl/crypto/x509v3/v3_asid.c
index 089f2ae29f0c8..ac6857267291f 100644
--- a/crypto/openssl/crypto/x509v3/v3_asid.c
+++ b/crypto/openssl/crypto/x509v3/v3_asid.c
@@ -20,7 +20,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/bn.h>
 #include "ext_dat.h"
 
@@ -256,6 +256,7 @@ static int extract_min_max(ASIdOrRange *aor,
 static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 {
     ASN1_INTEGER *a_max_plus_one = NULL;
+    ASN1_INTEGER *orig;
     BIGNUM *bn = NULL;
     int i, ret = 0;
 
@@ -298,9 +299,15 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
          */
         if ((bn == NULL && (bn = BN_new()) == NULL) ||
             ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-            !BN_add_word(bn, 1) ||
-            (a_max_plus_one =
-             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            !BN_add_word(bn, 1)) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        if ((a_max_plus_one =
+                BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+            a_max_plus_one = orig;
             X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
                       ERR_R_MALLOC_FAILURE);
             goto done;
@@ -351,6 +358,7 @@ int X509v3_asid_is_canonical(ASIdentifiers *asid)
 static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
 {
     ASN1_INTEGER *a_max_plus_one = NULL;
+    ASN1_INTEGER *orig;
     BIGNUM *bn = NULL;
     int i, ret = 0;
 
@@ -416,9 +424,15 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
          */
         if ((bn == NULL && (bn = BN_new()) == NULL) ||
             ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-            !BN_add_word(bn, 1) ||
-            (a_max_plus_one =
-             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            !BN_add_word(bn, 1)) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        if ((a_max_plus_one =
+                 BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+            a_max_plus_one = orig;
             X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
                       ERR_R_MALLOC_FAILURE);
             goto done;
diff --git a/crypto/openssl/crypto/x509v3/v3_conf.c b/crypto/openssl/crypto/x509v3/v3_conf.c
index 7acaebfa2250e..e93de3454604f 100644
--- a/crypto/openssl/crypto/x509v3/v3_conf.c
+++ b/crypto/openssl/crypto/x509v3/v3_conf.c
@@ -10,11 +10,11 @@
 /* extension creation utilities */
 
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
 #include <openssl/x509.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/x509v3.h>
 
 static int v3_check_critical(const char **value);
diff --git a/crypto/openssl/crypto/x509v3/v3_cpols.c b/crypto/openssl/crypto/x509v3/v3_cpols.c
index 7a47fd38b3790..1d12c899125c8 100644
--- a/crypto/openssl/crypto/x509v3/v3_cpols.c
+++ b/crypto/openssl/crypto/x509v3/v3_cpols.c
@@ -14,7 +14,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
-#include "pcy_int.h"
+#include "pcy_local.h"
 #include "ext_dat.h"
 
 /* Certificate policies extension support: this one is a bit complex... */
diff --git a/crypto/openssl/crypto/x509v3/v3_crld.c b/crypto/openssl/crypto/x509v3/v3_crld.c
index 6cba4240abf1e..4854748ffb51a 100644
--- a/crypto/openssl/crypto/x509v3/v3_crld.c
+++ b/crypto/openssl/crypto/x509v3/v3_crld.c
@@ -14,7 +14,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include "ext_dat.h"
 
 static void *v2i_crld(const X509V3_EXT_METHOD *method,
diff --git a/crypto/openssl/crypto/x509v3/v3_ncons.c b/crypto/openssl/crypto/x509v3/v3_ncons.c
index 9a2cd5af00c7b..2a7b4f0992a81 100644
--- a/crypto/openssl/crypto/x509v3/v3_ncons.c
+++ b/crypto/openssl/crypto/x509v3/v3_ncons.c
@@ -10,12 +10,12 @@
 #include "internal/cryptlib.h"
 #include "internal/numbers.h"
 #include <stdio.h>
-#include "internal/asn1_int.h"
+#include "crypto/asn1.h"
 #include <openssl/asn1t.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include "ext_dat.h"
 
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
diff --git a/crypto/openssl/crypto/x509v3/v3_purp.c b/crypto/openssl/crypto/x509v3/v3_purp.c
index 2f06289d1949c..3f60c2ea1da33 100644
--- a/crypto/openssl/crypto/x509v3/v3_purp.c
+++ b/crypto/openssl/crypto/x509v3/v3_purp.c
@@ -12,7 +12,7 @@
 #include "internal/numbers.h"
 #include <openssl/x509v3.h>
 #include <openssl/x509_vfy.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include "internal/tsan_assist.h"
 
 static void x509v3_cache_extensions(X509 *x);
diff --git a/crypto/openssl/crypto/x509v3/v3_skey.c b/crypto/openssl/crypto/x509v3/v3_skey.c
index 749f51b2f00ee..c2e82045682a1 100644
--- a/crypto/openssl/crypto/x509v3/v3_skey.c
+++ b/crypto/openssl/crypto/x509v3/v3_skey.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include "internal/cryptlib.h"
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include "ext_dat.h"
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
diff --git a/crypto/openssl/crypto/x509v3/v3_utl.c b/crypto/openssl/crypto/x509v3/v3_utl.c
index c9b40d2c76eb6..7281a7b917a8c 100644
--- a/crypto/openssl/crypto/x509v3/v3_utl.c
+++ b/crypto/openssl/crypto/x509v3/v3_utl.c
@@ -12,11 +12,11 @@
 #include "e_os.h"
 #include "internal/cryptlib.h"
 #include <stdio.h>
-#include "internal/ctype.h"
+#include "crypto/ctype.h"
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
 #include <openssl/x509v3.h>
-#include "internal/x509_int.h"
+#include "crypto/x509.h"
 #include <openssl/bn.h>
 #include "ext_dat.h"
 
diff --git a/crypto/openssl/crypto/x86_64cpuid.pl b/crypto/openssl/crypto/x86_64cpuid.pl
index 6423e803b7595..d9536d65768f0 100644
--- a/crypto/openssl/crypto/x86_64cpuid.pl
+++ b/crypto/openssl/crypto/x86_64cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -39,6 +39,7 @@ print<<___;
 .type	OPENSSL_atomic_add,\@abi-omnipotent
 .align	16
 OPENSSL_atomic_add:
+.cfi_startproc
 	movl	($arg1),%eax
 .Lspin:	leaq	($arg2,%rax),%r8
 	.byte	0xf0		# lock
@@ -47,16 +48,19 @@ OPENSSL_atomic_add:
 	movl	%r8d,%eax
 	.byte	0x48,0x98	# cltq/cdqe
 	ret
+.cfi_endproc
 .size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
 
 .globl	OPENSSL_rdtsc
 .type	OPENSSL_rdtsc,\@abi-omnipotent
 .align	16
 OPENSSL_rdtsc:
+.cfi_startproc
 	rdtsc
 	shl	\$32,%rdx
 	or	%rdx,%rax
 	ret
+.cfi_endproc
 .size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
 
 .globl	OPENSSL_ia32_cpuid
@@ -232,6 +236,7 @@ OPENSSL_ia32_cpuid:
 .type   OPENSSL_cleanse,\@abi-omnipotent
 .align  16
 OPENSSL_cleanse:
+.cfi_startproc
 	xor	%rax,%rax
 	cmp	\$15,$arg2
 	jae	.Lot
@@ -261,12 +266,14 @@ OPENSSL_cleanse:
 	cmp	\$0,$arg2
 	jne	.Little
 	ret
+.cfi_endproc
 .size	OPENSSL_cleanse,.-OPENSSL_cleanse
 
 .globl  CRYPTO_memcmp
 .type   CRYPTO_memcmp,\@abi-omnipotent
 .align  16
 CRYPTO_memcmp:
+.cfi_startproc
 	xor	%rax,%rax
 	xor	%r10,%r10
 	cmp	\$0,$arg3
@@ -295,6 +302,7 @@ CRYPTO_memcmp:
 	shr	\$63,%rax
 .Lno_data:
 	ret
+.cfi_endproc
 .size	CRYPTO_memcmp,.-CRYPTO_memcmp
 ___
 
@@ -303,6 +311,7 @@ print<<___ if (!$win64);
 .type	OPENSSL_wipe_cpu,\@abi-omnipotent
 .align	16
 OPENSSL_wipe_cpu:
+.cfi_startproc
 	pxor	%xmm0,%xmm0
 	pxor	%xmm1,%xmm1
 	pxor	%xmm2,%xmm2
@@ -329,6 +338,7 @@ OPENSSL_wipe_cpu:
 	xorq	%r11,%r11
 	leaq	8(%rsp),%rax
 	ret
+.cfi_endproc
 .size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 ___
 print<<___ if ($win64);
@@ -365,6 +375,7 @@ print<<___;
 .type	OPENSSL_instrument_bus,\@abi-omnipotent
 .align	16
 OPENSSL_instrument_bus:
+.cfi_startproc
 	mov	$arg1,$out	# tribute to Win64
 	mov	$arg2,$cnt
 	mov	$arg2,$max
@@ -391,12 +402,14 @@ OPENSSL_instrument_bus:
 
 	mov	$max,%rax
 	ret
+.cfi_endproc
 .size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
 
 .globl	OPENSSL_instrument_bus2
 .type	OPENSSL_instrument_bus2,\@abi-omnipotent
 .align	16
 OPENSSL_instrument_bus2:
+.cfi_startproc
 	mov	$arg1,$out	# tribute to Win64
 	mov	$arg2,$cnt
 	mov	$arg3,$max
@@ -439,6 +452,7 @@ OPENSSL_instrument_bus2:
 	mov	$redzone(%rsp),%rax
 	sub	$cnt,%rax
 	ret
+.cfi_endproc
 .size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
 ___
 }
@@ -450,6 +464,7 @@ print<<___;
 .type	OPENSSL_ia32_${rdop}_bytes,\@abi-omnipotent
 .align	16
 OPENSSL_ia32_${rdop}_bytes:
+.cfi_startproc
 	xor	%rax, %rax	# return value
 	cmp	\$0,$arg2
 	je	.Ldone_${rdop}_bytes
@@ -486,10 +501,11 @@ OPENSSL_ia32_${rdop}_bytes:
 .Ldone_${rdop}_bytes:
 	xor	%r10,%r10	# Clear sensitive data from register
 	ret
+.cfi_endproc
 .size	OPENSSL_ia32_${rdop}_bytes,.-OPENSSL_ia32_${rdop}_bytes
 ___
 }
 gen_random("rdrand");
 gen_random("rdseed");
 
-close STDOUT;	# flush
+close STDOUT or die "error closing STDOUT: $!";	# flush
diff --git a/crypto/openssl/crypto/x86cpuid.pl b/crypto/openssl/crypto/x86cpuid.pl
index d43dda4d935cb..ba4fd80fb32e2 100644
--- a/crypto/openssl/crypto/x86cpuid.pl
+++ b/crypto/openssl/crypto/x86cpuid.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -506,4 +506,4 @@ my $rdop = shift;
 
 &asm_finish();
 
-close STDOUT;
+close STDOUT or die "error closing STDOUT: $!";
diff --git a/crypto/openssl/doc/HOWTO/proxy_certificates.txt b/crypto/openssl/doc/HOWTO/proxy_certificates.txt
deleted file mode 100644
index 3c42349261111..0000000000000
--- a/crypto/openssl/doc/HOWTO/proxy_certificates.txt
+++ /dev/null
@@ -1,319 +0,0 @@
-			HOWTO proxy certificates
-
-0. WARNING
-
-NONE OF THE CODE PRESENTED HERE HAS BEEN CHECKED!  The code is just examples to
-show you how things could be done.  There might be typos or type conflicts, and
-you will have to resolve them.
-
-1. Introduction
-
-Proxy certificates are defined in RFC 3820.  They are really usual certificates
-with the mandatory extension proxyCertInfo.
-
-Proxy certificates are issued by an End Entity (typically a user), either
-directly with the EE certificate as issuing certificate, or by extension through
-an already issued proxy certificate.  Proxy certificates are used to extend
-rights to some other entity (a computer process, typically, or sometimes to the
-user itself).  This allows the entity to perform operations on behalf of the
-owner of the EE certificate.
-
-See https://www.ietf.org/rfc/rfc3820.txt for more information.
-
-
-2. A warning about proxy certificates
-
-No one seems to have tested proxy certificates with security in mind.  To this
-date, it seems that proxy certificates have only been used in a context highly
-aware of them.
-
-Existing applications might misbehave when trying to validate a chain of
-certificates which use a proxy certificate.  They might incorrectly consider the
-leaf to be the certificate to check for authorisation data, which is controlled
-by the EE certificate owner.
-
-subjectAltName and issuerAltName are forbidden in proxy certificates, and this
-is enforced in OpenSSL.  The subject must be the same as the issuer, with one
-commonName added on.
-
-Possible threats we can think of at this time include:
-
- - impersonation through commonName (think server certificates).
- - use of additional extensions, possibly non-standard ones used in certain
-   environments, that would grant extra or different authorisation rights.
-
-For these reasons, OpenSSL requires that the use of proxy certificates be
-explicitly allowed.  Currently, this can be done using the following methods:
-
- - if the application directly calls X509_verify_cert(), it can first call:
-
-   X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-
-   Where ctx is the pointer which then gets passed to X509_verify_cert().
-
- - proxy certificate validation can be enabled before starting the application
-   by setting the environment variable OPENSSL_ALLOW_PROXY_CERTS.
-
-In the future, it might be possible to enable proxy certificates by editing
-openssl.cnf.
-
-
-3. How to create proxy certificates
-
-Creating proxy certificates is quite easy, by taking advantage of a lack of
-checks in the 'openssl x509' application (*ahem*).  You must first create a
-configuration section that contains a definition of the proxyCertInfo extension,
-for example:
-
-  [ v3_proxy ]
-  # A proxy certificate MUST NEVER be a CA certificate.
-  basicConstraints=CA:FALSE
-
-  # Usual authority key ID
-  authorityKeyIdentifier=keyid,issuer:always
-
-  # The extension which marks this certificate as a proxy
-  proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
-
-It's also possible to specify the proxy extension in a separate section:
-
-  proxyCertInfo=critical,@proxy_ext
-
-  [ proxy_ext ]
-  language=id-ppl-anyLanguage
-  pathlen=0
-  policy=text:BC
-
-The policy value has a specific syntax, {syntag}:{string}, where the syntag
-determines what will be done with the string.  The following syntags are
-recognised:
-
-  text  indicates that the string is simply bytes, without any encoding:
-
-          policy=text:räksmörgås
-
-        Previous versions of this design had a specific tag for UTF-8 text.
-        However, since the bytes are copied as-is anyway, there is no need for
-        such a specific tag.
-
-  hex   indicates the string is encoded in hex, with colons between each byte
-        (every second hex digit):
-
-          policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
-
-        Previous versions of this design had a tag to insert a complete DER
-        blob.  However, the only legal use for this would be to surround the
-        bytes that would go with the hex: tag with whatever is needed to
-        construct a correct OCTET STRING.  The DER tag therefore felt
-        superfluous, and was removed.
-
-  file  indicates that the text of the policy should really be taken from a
-        file.  The string is then really a file name.  This is useful for
-        policies that are large (more than a few lines, e.g. XML documents).
-
-The 'policy' setting can be split up in multiple lines like this:
-
-  0.policy=This is
-  1.policy= a multi-
-  2.policy=line policy.
-
-NOTE: the proxy policy value is the part which determines the rights granted to
-the process using the proxy certificate.  The value is completely dependent on
-the application reading and interpreting it!
-
-Now that you have created an extension section for your proxy certificate, you
-can easily create a proxy certificate by doing:
-
-  openssl req -new -config openssl.cnf -out proxy.req -keyout proxy.key
-  openssl x509 -req -CAcreateserial -in proxy.req -days 7 -out proxy.crt \
-    -CA user.crt -CAkey user.key -extfile openssl.cnf -extensions v3_proxy
-
-You can also create a proxy certificate using another proxy certificate as
-issuer (note: I'm using a different configuration section for it):
-
-  openssl req -new -config openssl.cnf -out proxy2.req -keyout proxy2.key
-  openssl x509 -req -CAcreateserial -in proxy2.req -days 7 -out proxy2.crt \
-    -CA proxy.crt -CAkey proxy.key -extfile openssl.cnf -extensions v3_proxy2
-
-
-4. How to have your application interpret the policy?
-
-The basic way to interpret proxy policies is to start with some default rights,
-then compute the resulting rights by checking the proxy certificate against
-the chain of proxy certificates, user certificate and CA certificates. You then
-use the final computed rights.  Sounds easy, huh?  It almost is.
-
-The slightly complicated part is figuring out how to pass data between your
-application and the certificate validation procedure.
-
-You need the following ingredients:
-
- - a callback function that will be called for every certificate being
-   validated.  The callback be called several times for each certificate,
-   so you must be careful to do the proxy policy interpretation at the right
-   time.  You also need to fill in the defaults when the EE certificate is
-   checked.
-
- - a data structure that is shared between your application code and the
-   callback.
-
- - a wrapper function that sets it all up.
-
- - an ex_data index function that creates an index into the generic ex_data
-   store that is attached to an X509 validation context.
-
-Here is some skeleton code you can fill in:
-
-  #include <string.h>
-  #include <netdb.h>
-  #include <openssl/x509.h>
-  #include <openssl/x509v3.h>
-
-  #define total_rights 25
-
-  /*
-   * In this example, I will use a view of granted rights as a bit
-   * array, one bit for each possible right.
-   */
-  typedef struct your_rights {
-      unsigned char rights[(total_rights + 7) / 8];
-  } YOUR_RIGHTS;
-
-  /*
-   * The following procedure will create an index for the ex_data
-   * store in the X509 validation context the first time it's called.
-   * Subsequent calls will return the same index.  */
-  static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
-  {
-      static volatile int idx = -1;
-      if (idx < 0) {
-          X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
-          if (idx < 0) {
-              idx = X509_STORE_CTX_get_ex_new_index(0,
-                                                    "for verify callback",
-                                                    NULL,NULL,NULL);
-          }
-          X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
-      }
-      return idx;
-  }
-
-  /* Callback to be given to the X509 validation procedure.  */
-  static int verify_callback(int ok, X509_STORE_CTX *ctx)
-  {
-      if (ok == 1) {
-          /*
-           * It's REALLY important you keep the proxy policy
-           * check within this section.  It's important to know
-           * that when ok is 1, the certificates are checked
-           * from top to bottom.  You get the CA root first,
-           * followed by the possible chain of intermediate
-           * CAs, followed by the EE certificate, followed by
-           * the possible proxy certificates.
-           */
-          X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
-
-          if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
-              YOUR_RIGHTS *rights =
-                  (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
-                      get_proxy_auth_ex_data_idx(ctx));
-              PROXY_CERT_INFO_EXTENSION *pci =
-                  X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
-
-              switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
-              case NID_Independent:
-                  /*
-                   * Do whatever you need to grant explicit rights to
-                   * this particular proxy certificate, usually by
-                   * pulling them from some database.  If there are none
-                   * to be found, clear all rights (making this and any
-                   * subsequent proxy certificate void of any rights).
-                   */
-                  memset(rights->rights, 0, sizeof(rights->rights));
-                  break;
-              case NID_id_ppl_inheritAll:
-                  /*
-                   * This is basically a NOP, we simply let the current
-                   * rights stand as they are.
-                   */
-                  break;
-              default:
-                  /* This is usually the most complex section of code.
-                   * You really do whatever you want as long as you
-                   * follow RFC 3820.  In the example we use here, the
-                   * simplest thing to do is to build another, temporary
-                   * bit array and fill it with the rights granted by
-                   * the current proxy certificate, then use it as a
-                   * mask on the accumulated rights bit array, and
-                   * voilà, you now have a new accumulated rights bit
-                   * array.
-                   */
-                  {
-                      int i;
-                      YOUR_RIGHTS tmp_rights;
-                      memset(tmp_rights.rights, 0, sizeof(tmp_rights.rights));
-
-                      /*
-                       * process_rights() is supposed to be a procedure
-                       * that takes a string and its length, interprets
-                       * it and sets the bits in the YOUR_RIGHTS pointed
-                       * at by the third argument.
-                       */
-                      process_rights((char *) pci->proxyPolicy->policy->data,
-                                     pci->proxyPolicy->policy->length,
-                                     &tmp_rights);
-
-                      for(i = 0; i < total_rights / 8; i++)
-                          rights->rights[i] &= tmp_rights.rights[i];
-                  }
-                  break;
-              }
-              PROXY_CERT_INFO_EXTENSION_free(pci);
-          } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
-              /* We have an EE certificate, let's use it to set default! */
-              YOUR_RIGHTS *rights =
-                  (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
-                      get_proxy_auth_ex_data_idx(ctx));
-
-              /* The following procedure finds out what rights the owner
-               * of the current certificate has, and sets them in the
-               * YOUR_RIGHTS structure pointed at by the second
-               * argument.
-               */
-              set_default_rights(xs, rights);
-          }
-      }
-      return ok;
-  }
-
-  static int my_X509_verify_cert(X509_STORE_CTX *ctx,
-                                 YOUR_RIGHTS *needed_rights)
-  {
-      int ok;
-      int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
-          X509_STORE_CTX_get_verify_cb(ctx);
-      YOUR_RIGHTS rights;
-
-      X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
-      X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx), &rights);
-      X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
-      ok = X509_verify_cert(ctx);
-
-      if (ok == 1) {
-          ok = check_needed_rights(rights, needed_rights);
-      }
-
-      X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
-
-      return ok;
-  }
-
-
-If you use SSL or TLS, you can easily set up a callback to have the
-certificates checked properly, using the code above:
-
-  SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert, &needed_rights);
-
-
---
-Richard Levitte
diff --git a/crypto/openssl/doc/man1/ca.pod b/crypto/openssl/doc/man1/ca.pod
index 7385a00941ea3..27bb31493a7ff 100644
--- a/crypto/openssl/doc/man1/ca.pod
+++ b/crypto/openssl/doc/man1/ca.pod
@@ -51,6 +51,7 @@ B<openssl> B<ca>
 [B<-engine id>]
 [B<-subj arg>]
 [B<-utf8>]
+[B<-sigopt nm:v>]
 [B<-create_serial>]
 [B<-rand_serial>]
 [B<-multivalue-rdn>]
@@ -134,6 +135,11 @@ The private key to sign requests with.
 The format of the data in the private key file.
 The default is PEM.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-key password>
 
 The password used to encrypt the private key. Since on some
diff --git a/crypto/openssl/doc/man1/dgst.pod b/crypto/openssl/doc/man1/dgst.pod
index 66a6697eb10e8..ea2c4e3e1598b 100644
--- a/crypto/openssl/doc/man1/dgst.pod
+++ b/crypto/openssl/doc/man1/dgst.pod
@@ -12,6 +12,7 @@ B<openssl dgst>
 [B<-help>]
 [B<-c>]
 [B<-d>]
+[B<-list>]
 [B<-hex>]
 [B<-binary>]
 [B<-r>]
@@ -22,6 +23,7 @@ B<openssl dgst>
 [B<-verify filename>]
 [B<-prverify filename>]
 [B<-signature filename>]
+[B<-sigopt nm:v>]
 [B<-hmac key>]
 [B<-fips-fingerprint>]
 [B<-rand file...>]
@@ -66,6 +68,10 @@ B<hex> format output is used.
 
 Print out BIO debugging information.
 
+=item B<-list>
+
+Prints out a list of supported message digests.
+
 =item B<-hex>
 
 Digest is to be output as a hex dump. This is the default case for a "normal"
@@ -78,7 +84,8 @@ Output the digest or signature in binary form.
 
 =item B<-r>
 
-Output the digest in the "coreutils" format used by programs like B<sha1sum>.
+Output the digest in the "coreutils" format, including newlines.
+Used by programs like B<sha1sum>.
 
 =item B<-out filename>
 
diff --git a/crypto/openssl/doc/man1/enc.pod b/crypto/openssl/doc/man1/enc.pod
index a3e0b03b2000b..6f20ac1fc7d56 100644
--- a/crypto/openssl/doc/man1/enc.pod
+++ b/crypto/openssl/doc/man1/enc.pod
@@ -9,6 +9,7 @@ enc - symmetric cipher routines
 
 B<openssl enc -I<cipher>>
 [B<-help>]
+[B<-list>]
 [B<-ciphers>]
 [B<-in filename>]
 [B<-out filename>]
@@ -56,10 +57,14 @@ either by itself or in addition to the encryption or decryption.
 
 Print out a usage message.
 
-=item B<-ciphers>
+=item B<-list>
 
 List all supported ciphers.
 
+=item B<-ciphers>
+
+Alias of -list to display all supported ciphers.
+
 =item B<-in filename>
 
 The input filename, standard input by default.
@@ -419,6 +424,8 @@ certain parameters. So if, for example, you want to use RC2 with a
 
 The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
 
+The B<-list> option was added in OpenSSL 1.1.1e.
+
 =head1 COPYRIGHT
 
 Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/crypto/openssl/doc/man1/rand.pod b/crypto/openssl/doc/man1/rand.pod
index 5dd9e8e0a56a7..b5d45ab51cf08 100644
--- a/crypto/openssl/doc/man1/rand.pod
+++ b/crypto/openssl/doc/man1/rand.pod
@@ -18,12 +18,14 @@ I<num>
 
 =head1 DESCRIPTION
 
-The B<rand> command outputs I<num> pseudo-random bytes after seeding
-the random number generator once.  As in other B<openssl> command
-line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
-in addition to the files given in the B<-rand> option.  A new
-I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
-seeding was obtained from these sources.
+This command generates I<num> random bytes using a cryptographically
+secure pseudo random number generator (CSPRNG).
+
+The random bytes are generated using the L<RAND_bytes(3)> function,
+which provides a security level of 256 bits, provided it managed to
+seed itself successfully from a trusted operating system entropy source.
+Otherwise, the command will fail with a nonzero error code.
+For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<RAND_DRBG(7)>.
 
 =head1 OPTIONS
 
@@ -44,6 +46,8 @@ generator.
 Multiple files can be specified separated by an OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
+Explicitly specifying a seed file is in general not necessary, see the
+L</NOTES> section for more information.
 
 =item [B<-writerand file>]
 
@@ -60,13 +64,28 @@ Show the output as a hex string.
 
 =back
 
+=head1 NOTES
+
+Prior to OpenSSL 1.1.1, it was common for applications to store information
+about the state of the random-number generator in a file that was loaded
+at startup and rewritten upon exit. On modern operating systems, this is
+generally no longer necessary as OpenSSL will seed itself from a trusted
+entropy source provided by the operating system. The B<-rand>  and
+B<-writerand>  flags are still supported for special platforms or
+circumstances that might require them.
+
+It is generally an error to use the same seed file more than once and
+every use of B<-rand> should be paired with B<-writerand>.
+
 =head1 SEE ALSO
 
-L<RAND_bytes(3)>
+L<RAND_bytes(3)>,
+L<RAND(7)>,
+L<RAND_DRBG(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man1/req.pod b/crypto/openssl/doc/man1/req.pod
index a9b5b1690a5cf..730c59079d679 100644
--- a/crypto/openssl/doc/man1/req.pod
+++ b/crypto/openssl/doc/man1/req.pod
@@ -46,6 +46,7 @@ B<openssl> B<req>
 [B<-reqopt>]
 [B<-subject>]
 [B<-subj arg>]
+[B<-sigopt nm:v>]
 [B<-batch>]
 [B<-verbose>]
 [B<-engine id>]
@@ -82,6 +83,11 @@ This specifies the input filename to read a request from or standard input
 if this option is not specified. A request is only read if the creation
 options (B<-new> and B<-newkey>) are not specified.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-passin arg>
 
 The input file password source. For more information about the format of B<arg>
@@ -689,7 +695,7 @@ L<x509v3_config(5)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man1/s_client.pod b/crypto/openssl/doc/man1/s_client.pod
index e2475ea0678fb..68a152a272bd4 100644
--- a/crypto/openssl/doc/man1/s_client.pod
+++ b/crypto/openssl/doc/man1/s_client.pod
@@ -335,7 +335,7 @@ at a positive depth or else "matched EE certificate" at depth 0.
 
 Use one or more times to specify the RRDATA fields of the DANE TLSA
 RRset associated with the target service.  The B<rrdata> value is
-specied in "presentation form", that is four whitespace separated
+specified in "presentation form", that is four whitespace separated
 fields that specify the usage, selector, matching type and associated
 data, with the last of these encoded in hexadecimal.  Optional
 whitespace is ignored in the associated data field.  For example:
@@ -828,7 +828,7 @@ The B<-name> option was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man1/sess_id.pod b/crypto/openssl/doc/man1/sess_id.pod
index 1f7a1e8670cf8..6c54ed988bbec 100644
--- a/crypto/openssl/doc/man1/sess_id.pod
+++ b/crypto/openssl/doc/man1/sess_id.pod
@@ -93,7 +93,7 @@ Typical output:
      Timeout   : 300 (sec)
      Verify return code 0 (ok)
 
-Theses are described below in more detail.
+These are described below in more detail.
 
 =over 4
 
@@ -156,7 +156,7 @@ L<ciphers(1)>, L<s_server(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man1/x509.pod b/crypto/openssl/doc/man1/x509.pod
index 7878753414da0..65cec9dbda676 100644
--- a/crypto/openssl/doc/man1/x509.pod
+++ b/crypto/openssl/doc/man1/x509.pod
@@ -11,7 +11,7 @@ B<openssl> B<x509>
 [B<-help>]
 [B<-inform DER|PEM>]
 [B<-outform DER|PEM>]
-[B<-keyform DER|PEM>]
+[B<-keyform DER|PEM|ENGINE>]
 [B<-CAform DER|PEM>]
 [B<-CAkeyform DER|PEM>]
 [B<-in filename>]
@@ -44,7 +44,7 @@ B<openssl> B<x509>
 [B<-setalias arg>]
 [B<-days arg>]
 [B<-set_serial n>]
-[B<-signkey filename>]
+[B<-signkey arg>]
 [B<-passin arg>]
 [B<-x509toreq>]
 [B<-req>]
@@ -61,6 +61,7 @@ B<openssl> B<x509>
 [B<-clrext>]
 [B<-extfile filename>]
 [B<-extensions section>]
+[B<-sigopt nm:v>]
 [B<-rand file...>]
 [B<-writerand file>]
 [B<-engine id>]
@@ -349,10 +350,11 @@ can thus behave like a "mini CA".
 
 =over 4
 
-=item B<-signkey filename>
+=item B<-signkey arg>
 
 This option causes the input file to be self signed using the supplied
-private key.
+private key or engine. The private key's format is specified with the
+B<-keyform> option.
 
 If the input file is a certificate it sets the issuer name to the
 subject name (i.e.  makes it self signed) changes the public key to the
@@ -366,6 +368,11 @@ If the input is a certificate request then a self signed certificate
 is created using the supplied private key using the subject name in
 the request.
 
+=item B<-sigopt nm:v>
+
+Pass options to the signature algorithm during sign or verify operations.
+Names and values of these options are algorithm-specific.
+
 =item B<-passin arg>
 
 The key password source. For more information about the format of B<arg>
@@ -378,7 +385,7 @@ certificate is being created from another certificate (for example with
 the B<-signkey> or the B<-CA> options). Normally all extensions are
 retained.
 
-=item B<-keyform PEM|DER>
+=item B<-keyform PEM|DER|ENGINE>
 
 Specifies the format (DER or PEM) of the private key file used in the
 B<-signkey> option.
@@ -925,7 +932,7 @@ the old form must have their links rebuilt using B<c_rehash> or similar.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod b/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
index 9b73290742d4e..ac6a5799df9d1 100644
--- a/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
+++ b/crypto/openssl/doc/man3/ASN1_INTEGER_get_int64.pod
@@ -22,10 +22,10 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s
  ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
  BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
 
- int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+ int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
  long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
 
- int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r);
+ int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
  int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
 
  ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
diff --git a/crypto/openssl/doc/man3/ASN1_TYPE_get.pod b/crypto/openssl/doc/man3/ASN1_TYPE_get.pod
index 70c56878b8e6c..fb797220a47f0 100644
--- a/crypto/openssl/doc/man3/ASN1_TYPE_get.pod
+++ b/crypto/openssl/doc/man3/ASN1_TYPE_get.pod
@@ -69,7 +69,7 @@ If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the
 return value is non-zero. Technically if both parameters are NULL the two
 types could be absent OPTIONAL fields and so should match, however passing
 NULL values could also indicate a programming error (for example an
-unparseable type which returns NULL) for types which do B<not> match. So
+unparsable type which returns NULL) for types which do B<not> match. So
 applications should handle the case of two absent values separately.
 
 =head1 RETURN VALUES
@@ -90,7 +90,7 @@ NULL on failure.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/BIO_f_buffer.pod b/crypto/openssl/doc/man3/BIO_f_buffer.pod
index 8ceaaa3c03430..047a11d2407c4 100644
--- a/crypto/openssl/doc/man3/BIO_f_buffer.pod
+++ b/crypto/openssl/doc/man3/BIO_f_buffer.pod
@@ -49,10 +49,20 @@ is expanded.
 
 These functions, other than BIO_f_buffer(), are implemented as macros.
 
-Buffering BIOs implement BIO_gets() by using BIO_read_ex() operations on the
-next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
-possible to provide BIO_gets() functionality if the following BIOs do not
-support it (for example SSL BIOs).
+Buffering BIOs implement BIO_read_ex() and BIO_gets() by using
+BIO_read_ex() operations on the next BIO in the chain and storing the
+result in an internal buffer, from which bytes are given back to the
+caller as appropriate for the call; a BIO_gets() is guaranteed to give
+the caller a whole line, and BIO_read_ex() is guaranteed to give the
+caller the number of bytes it asks for, unless there's an error or end
+of communication is reached in the next BIO.  By prepending a
+buffering BIO to a chain it is therefore possible to provide
+BIO_gets() or exact size BIO_read_ex() functionality if the following
+BIOs do not support it.
+
+Do not add more than one BIO_f_buffer() to a BIO chain.  The result of
+doing so will force a full read of the size of the internal buffer of
+the top BIO_f_buffer(), which is 4 KiB at a minimum.
 
 Data is only written to the next BIO in the chain when the write buffer fills
 or when BIO_flush() is called. It is therefore important to call BIO_flush()
@@ -82,7 +92,7 @@ L<BIO_ctrl(3)>.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/BIO_get_ex_new_index.pod b/crypto/openssl/doc/man3/BIO_get_ex_new_index.pod
index e61228f1caeaf..89008531d3810 100644
--- a/crypto/openssl/doc/man3/BIO_get_ex_new_index.pod
+++ b/crypto/openssl/doc/man3/BIO_get_ex_new_index.pod
@@ -39,7 +39,7 @@ L<CRYPTO_get_ex_new_index(3)>.
 These functions handle application-specific data for OpenSSL data
 structures.
 
-TYPE_get_new_ex_index() is a macro that calls CRYPTO_get_ex_new_index()
+TYPE_get_ex_new_index() is a macro that calls CRYPTO_get_ex_new_index()
 with the correct B<index> value.
 
 TYPE_set_ex_data() is a function that calls CRYPTO_set_ex_data() with
@@ -50,7 +50,7 @@ an offset into the opaque exdata part of the TYPE object.
 
 =head1 RETURN VALUES
 
-TYPE_get_new_ex_index() returns a new index on success or -1 on error.
+TYPE_get_ex_new_index() returns a new index on success or -1 on error.
 
 TYPE_set_ex_data() returns 1 on success or 0 on error.
 
@@ -62,7 +62,7 @@ L<CRYPTO_get_ex_new_index(3)>.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/DTLSv1_listen.pod b/crypto/openssl/doc/man3/DTLSv1_listen.pod
index 76be40b68f10c..98511a475f9fd 100644
--- a/crypto/openssl/doc/man3/DTLSv1_listen.pod
+++ b/crypto/openssl/doc/man3/DTLSv1_listen.pod
@@ -66,9 +66,9 @@ the peer and continue the handshake in a connected state.
 
 Prior to calling DTLSv1_listen() user code must ensure that cookie generation
 and verification callbacks have been set up using
-SSL_CTX_set_cookie_generate_cb() and SSL_CTX_set_cookie_verify_cb()
-respectively. For SSL_stateless(), SSL_CTX_set_stateless_cookie_generate_cb()
-and SSL_CTX_set_stateless_cookie_verify_cb() must be used instead.
+L<SSL_CTX_set_cookie_generate_cb(3)> and L<SSL_CTX_set_cookie_verify_cb(3)>
+respectively. For SSL_stateless(), L<SSL_CTX_set_stateless_cookie_generate_cb(3)>
+and L<SSL_CTX_set_stateless_cookie_verify_cb(3)> must be used instead.
 
 Since DTLSv1_listen() operates entirely statelessly whilst processing incoming
 ClientHellos it is unable to process fragmented messages (since this would
@@ -112,8 +112,10 @@ errors as non-fatal), whilst return codes >0 indicate success.
 
 =head1 SEE ALSO
 
-L<SSL_get_error(3)>, L<SSL_accept(3)>,
-L<ssl(7)>, L<bio(7)>
+L<SSL_CTX_set_cookie_generate_cb(3)>, L<SSL_CTX_set_cookie_verify_cb(3)>,
+L<SSL_CTX_set_stateless_cookie_generate_cb(3)>,
+L<SSL_CTX_set_stateless_cookie_verify_cb(3)>, L<SSL_get_error(3)>,
+L<SSL_accept(3)>, L<ssl(7)>, L<bio(7)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/man3/EC_GROUP_copy.pod b/crypto/openssl/doc/man3/EC_GROUP_copy.pod
index 7bf3500623758..0d50fdc0c74f3 100644
--- a/crypto/openssl/doc/man3/EC_GROUP_copy.pod
+++ b/crypto/openssl/doc/man3/EC_GROUP_copy.pod
@@ -40,7 +40,7 @@ EC_GROUP_get_pentanomial_basis
  int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
  void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
- point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+ point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group);
 
  unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
  size_t EC_GROUP_get_seed_len(const EC_GROUP *);
@@ -61,34 +61,39 @@ EC_GROUP_get_pentanomial_basis
 
 =head1 DESCRIPTION
 
-EC_GROUP_copy copies the curve B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD.
+EC_GROUP_copy() copies the curve B<src> into B<dst>. Both B<src> and B<dst> must use the same EC_METHOD.
 
-EC_GROUP_dup creates a new EC_GROUP object and copies the content from B<src> to the newly created
+EC_GROUP_dup() creates a new EC_GROUP object and copies the content from B<src> to the newly created
 EC_GROUP object.
 
-EC_GROUP_method_of obtains the EC_METHOD of B<group>.
+EC_GROUP_method_of() obtains the EC_METHOD of B<group>.
 
-EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These
+EC_GROUP_set_generator() sets curve parameters that must be agreed by all participants using the curve. These
 parameters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the
 curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and
 n-1 where n is the B<order>. The B<order> multiplied by the B<cofactor> gives the number of points on the curve.
 
-EC_GROUP_get0_generator returns the generator for the identified B<group>.
+EC_GROUP_get0_generator() returns the generator for the identified B<group>.
 
-The functions EC_GROUP_get_order and EC_GROUP_get_cofactor populate the provided B<order> and B<cofactor> parameters
-with the respective order and cofactors for the B<group>.
+EC_GROUP_get_order() retrieves the order of B<group> and copies its value into
+B<order>.  It fails in case B<group> is not fully initialized (i.e., its order
+is not set or set to zero).
 
-The functions EC_GROUP_set_curve_name and EC_GROUP_get_curve_name, set and get the NID for the curve respectively
+EC_GROUP_get_cofactor() retrieves the cofactor of B<group> and copies its value
+into B<cofactor>. It fails in case  B<group> is not fully initialized or if the
+cofactor is not set (or set to zero).
+
+The functions EC_GROUP_set_curve_name() and EC_GROUP_get_curve_name(), set and get the NID for the curve respectively
 (see L<EC_GROUP_new(3)>). If a curve does not have a NID associated with it, then EC_GROUP_get_curve_name
-will return 0.
+will return NID_undef.
 
 The asn1_flag value is used to determine whether the curve encoding uses
 explicit parameters or a named curve using an ASN1 OID: many applications only
 support the latter form. If asn1_flag is B<OPENSSL_EC_NAMED_CURVE> then the
 named curve form is used and the parameters must have a corresponding
 named curve NID set. If asn1_flags is B<OPENSSL_EC_EXPLICIT_CURVE> the
-parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag and
-EC_GROUP_set_asn1_flag get and set the status of the asn1_flag for the curve.
+parameters are explicitly encoded. The functions EC_GROUP_get_asn1_flag() and
+EC_GROUP_set_asn1_flag() get and set the status of the asn1_flag for the curve.
 Note: B<OPENSSL_EC_EXPLICIT_CURVE> was added in OpenSSL 1.1.0, for
 previous versions of OpenSSL the value 0 must be used instead. Before OpenSSL
 1.1.0 the default form was to use explicit parameters (meaning that
@@ -119,32 +124,32 @@ the two possible solutions for y has been used, followed by the octets for x.
 For POINT_CONVERSION_HYBRID the point is encoded as an octet signifying the HYBRID form has been used AND which of the two
 possible solutions for y has been used, followed by the octets for x, followed by the octets for y.
 
-The functions EC_GROUP_set_point_conversion_form and EC_GROUP_get_point_conversion_form set and get the point_conversion_form
+The functions EC_GROUP_set_point_conversion_form() and EC_GROUP_get_point_conversion_form(), set and get the point_conversion_form
 for the curve respectively.
 
 ANSI X9.62 (ECDSA standard) defines a method of generating the curve parameter b from a random number. This provides advantages
 in that a parameter obtained in this way is highly unlikely to be susceptible to special purpose attacks, or have any trapdoors in it.
 If the seed is present for a curve then the b parameter was generated in a verifiable fashion using that seed. The OpenSSL EC library
-does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed. This returns a pointer to a memory block
-containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len. A number of the
-builtin curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using
-EC_GROUP_set_seed and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use
+does not use this seed value but does enable you to inspect it using EC_GROUP_get0_seed(). This returns a pointer to a memory block
+containing the seed that was used. The length of the memory block can be obtained using EC_GROUP_get_seed_len(). A number of the
+built-in curves within the library provide seed values that can be obtained. It is also possible to set a custom seed using
+EC_GROUP_set_seed() and passing a pointer to a memory block, along with the length of the seed. Again, the EC library will not use
 this seed value, although it will be preserved in any ASN1 based communications.
 
-EC_GROUP_get_degree gets the degree of the field. For Fp fields this will be the number of bits in p.  For F2^m fields this will be
+EC_GROUP_get_degree() gets the degree of the field. For Fp fields this will be the number of bits in p.  For F2^m fields this will be
 the value m.
 
-The function EC_GROUP_check_discriminant calculates the discriminant for the curve and verifies that it is valid.
+The function EC_GROUP_check_discriminant() calculates the discriminant for the curve and verifies that it is valid.
 For a curve defined over Fp the discriminant is given by the formula 4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is
 simply b. In either case for the curve to be valid the discriminant must be non zero.
 
-The function EC_GROUP_check performs a number of checks on a curve to verify that it is valid. Checks performed include
+The function EC_GROUP_check() performs a number of checks on a curve to verify that it is valid. Checks performed include
 verifying that the discriminant is non zero; that a generator has been defined; that the generator is on the curve and has
 the correct order.
 
-EC_GROUP_cmp compares B<a> and B<b> to determine whether they represent the same curve or not.
+EC_GROUP_cmp() compares B<a> and B<b> to determine whether they represent the same curve or not.
 
-The functions EC_GROUP_get_basis_type, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis should only be called for curves
+The functions EC_GROUP_get_basis_type(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis() should only be called for curves
 defined over an F2^m field. Addition and multiplication operations within an F2^m field are performed using an irreducible polynomial
 function f(x). This function is either a trinomial of the form:
 
@@ -154,39 +159,48 @@ or a pentanomial of the form:
 
 f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1
 
-The function EC_GROUP_get_basis_type returns a NID identifying whether a trinomial or pentanomial is in use for the field. The
-function EC_GROUP_get_trinomial_basis must only be called where f(x) is of the trinomial form, and returns the value of B<k>. Similarly
-the function EC_GROUP_get_pentanomial_basis must only be called where f(x) is of the pentanomial form, and returns the values of B<k1>,
+The function EC_GROUP_get_basis_type() returns a NID identifying whether a trinomial or pentanomial is in use for the field. The
+function EC_GROUP_get_trinomial_basis() must only be called where f(x) is of the trinomial form, and returns the value of B<k>. Similarly
+the function EC_GROUP_get_pentanomial_basis() must only be called where f(x) is of the pentanomial form, and returns the values of B<k1>,
 B<k2> and B<k3> respectively.
 
 =head1 RETURN VALUES
 
-The following functions return 1 on success or 0 on error: EC_GROUP_copy, EC_GROUP_set_generator, EC_GROUP_check,
-EC_GROUP_check_discriminant, EC_GROUP_get_trinomial_basis and EC_GROUP_get_pentanomial_basis.
+The following functions return 1 on success or 0 on error: EC_GROUP_copy(), EC_GROUP_set_generator(), EC_GROUP_check(),
+EC_GROUP_check_discriminant(), EC_GROUP_get_trinomial_basis() and EC_GROUP_get_pentanomial_basis().
+
+EC_GROUP_dup() returns a pointer to the duplicated curve, or NULL on error.
+
+EC_GROUP_method_of() returns the EC_METHOD implementation in use for the given curve or NULL on error.
+
+EC_GROUP_get0_generator() returns the generator for the given curve or NULL on error.
+
+EC_GROUP_get_order() returns 0 if the order is not set (or set to zero) for
+B<group> or if copying into B<order> fails, 1 otherwise.
+
+EC_GROUP_get_cofactor() returns 0 if the cofactor is not set (or is set to zero) for B<group> or if copying into B<cofactor> fails, 1 otherwise.
 
-EC_GROUP_dup returns a pointer to the duplicated curve, or NULL on error.
+EC_GROUP_get_curve_name() returns the curve name (NID) for B<group> or will return NID_undef if no curve name is associated.
 
-EC_GROUP_method_of returns the EC_METHOD implementation in use for the given curve or NULL on error.
+EC_GROUP_get_asn1_flag() returns the ASN1 flag for the specified B<group> .
 
-EC_GROUP_get0_generator returns the generator for the given curve or NULL on error.
+EC_GROUP_get_point_conversion_form() returns the point_conversion_form for B<group>.
 
-EC_GROUP_get_order, EC_GROUP_get_cofactor, EC_GROUP_get_curve_name, EC_GROUP_get_asn1_flag, EC_GROUP_get_point_conversion_form
-and EC_GROUP_get_degree return the order, cofactor, curve name (NID), ASN1 flag, point_conversion_form and degree for the
-specified curve respectively. If there is no curve name associated with a curve then EC_GROUP_get_curve_name will return 0.
+EC_GROUP_get_degree() returns the degree for B<group> or 0 if the operation is not supported by the underlying group implementation.
 
 EC_GROUP_get0_order() returns an internal pointer to the group order.
 EC_GROUP_order_bits() returns the number of bits in the group order.
 EC_GROUP_get0_cofactor() returns an internal pointer to the group cofactor.
 
-EC_GROUP_get0_seed returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not
-specified. EC_GROUP_get_seed_len returns the length of the seed or 0 if the seed is not specified.
+EC_GROUP_get0_seed() returns a pointer to the seed that was used to generate the parameter b, or NULL if the seed is not
+specified. EC_GROUP_get_seed_len() returns the length of the seed or 0 if the seed is not specified.
 
-EC_GROUP_set_seed returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is
+EC_GROUP_set_seed() returns the length of the seed that has been set. If the supplied seed is NULL, or the supplied seed length is
 0, the return value will be 1. On error 0 is returned.
 
-EC_GROUP_cmp returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.
+EC_GROUP_cmp() returns 0 if the curves are equal, 1 if they are not equal, or -1 on error.
 
-EC_GROUP_get_basis_type returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a
+EC_GROUP_get_basis_type() returns the values NID_X9_62_tpBasis or NID_X9_62_ppBasis (as defined in <openssl/obj_mac.h>) for a
 trinomial or pentanomial respectively. Alternatively in the event of an error a 0 is returned.
 
 =head1 SEE ALSO
diff --git a/crypto/openssl/doc/man3/EC_GROUP_new.pod b/crypto/openssl/doc/man3/EC_GROUP_new.pod
index 1eee494927f52..c80b191785c4d 100644
--- a/crypto/openssl/doc/man3/EC_GROUP_new.pod
+++ b/crypto/openssl/doc/man3/EC_GROUP_new.pod
@@ -57,49 +57,63 @@ objects
 
 =head1 DESCRIPTION
 
-Within the library there are two forms of elliptic curve that are of interest. The first form is those defined over the
-prime field Fp. The elements of Fp are the integers 0 to p-1, where p is a prime number. This gives us a revised
+Within the library there are two forms of elliptic curve that are of interest.
+The first form is those defined over the prime field Fp. The elements of Fp are
+the integers 0 to p-1, where p is a prime number. This gives us a revised
 elliptic curve equation as follows:
 
 y^2 mod p = x^3 +ax + b mod p
 
-The second form is those defined over a binary field F2^m where the elements of the field are integers of length at
-most m bits. For this form the elliptic curve equation is modified to:
+The second form is those defined over a binary field F2^m where the elements of
+the field are integers of length at most m bits. For this form the elliptic
+curve equation is modified to:
 
 y^2 + xy = x^3 + ax^2 + b (where b != 0)
 
-Operations in a binary field are performed relative to an B<irreducible polynomial>. All such curves with OpenSSL
-use a trinomial or a pentanomial for this parameter.
-
-A new curve can be constructed by calling EC_GROUP_new, using the implementation provided by B<meth> (see
-L<EC_GFp_simple_method(3)>). It is then necessary to call EC_GROUP_set_curve() to set the curve parameters.
-EC_GROUP_new_from_ecparameters() will create a group from the
-specified B<params> and
-EC_GROUP_new_from_ecpkparameters() will create a group from the specific PK B<params>.
-
-EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve over Fp B<b>
-is the prime for the field. For a curve over F2^m B<p> represents the irreducible polynomial - each bit
-represents a term in the polynomial. Therefore there will either be three or five bits set dependent on whether
-the polynomial is a trinomial or a pentanomial.
+Operations in a binary field are performed relative to an B<irreducible
+polynomial>. All such curves with OpenSSL use a trinomial or a pentanomial for
+this parameter.
+
+A new curve can be constructed by calling EC_GROUP_new(), using the
+implementation provided by B<meth> (see L<EC_GFp_simple_method(3)>). It is then
+necessary to call EC_GROUP_set_curve() to set the curve parameters.
+EC_GROUP_new_from_ecparameters() will create a group from the specified
+B<params> and EC_GROUP_new_from_ecpkparameters() will create a group from the
+specific PK B<params>.
+
+EC_GROUP_set_curve() sets the curve parameters B<p>, B<a> and B<b>. For a curve
+over Fp B<p> is the prime for the field. For a curve over F2^m B<p> represents
+the irreducible polynomial - each bit represents a term in the polynomial.
+Therefore there will either be three or five bits set dependent on whether the
+polynomial is a trinomial or a pentanomial.
+In either case, B<a> and B<b> represents the coefficients a and b from the
+relevant equation introduced above.
 
 EC_group_get_curve() obtains the previously set curve parameters.
 
-EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for EC_GROUP_set_curve(). They are defined for
-backwards compatibility only and should not be used.
-
-EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for EC_GROUP_get_curve(). They are defined for
-backwards compatibility only and should not be used.
-
-The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and then the
-EC_GROUP_set_curve function. An appropriate default implementation method will be used.
-
-Whilst the library can be used to create any curve using the functions described above, there are also a number of
-predefined curves that are available. In order to obtain a list of all of the predefined curves, call the function
-EC_get_builtin_curves. The parameter B<r> should be an array of EC_builtin_curve structures of size B<nitems>. The function
-will populate the B<r> array with information about the builtin curves. If B<nitems> is less than the total number of
-curves available, then the first B<nitems> curves will be returned. Otherwise the total number of curves will be
-provided. The return value is the total number of curves available (whether that number has been populated in B<r> or
-not). Passing a NULL B<r>, or setting B<nitems> to 0 will do nothing other than return the total number of curves available.
+EC_GROUP_set_curve_GFp() and EC_GROUP_set_curve_GF2m() are synonyms for
+EC_GROUP_set_curve(). They are defined for backwards compatibility only and
+should not be used.
+
+EC_GROUP_get_curve_GFp() and EC_GROUP_get_curve_GF2m() are synonyms for
+EC_GROUP_get_curve(). They are defined for backwards compatibility only and
+should not be used.
+
+The functions EC_GROUP_new_curve_GFp() and EC_GROUP_new_curve_GF2m() are
+shortcuts for calling EC_GROUP_new() and then the EC_GROUP_set_curve() function.
+An appropriate default implementation method will be used.
+
+Whilst the library can be used to create any curve using the functions described
+above, there are also a number of predefined curves that are available. In order
+to obtain a list of all of the predefined curves, call the function
+EC_get_builtin_curves(). The parameter B<r> should be an array of
+EC_builtin_curve structures of size B<nitems>. The function will populate the
+B<r> array with information about the builtin curves. If B<nitems> is less than
+the total number of curves available, then the first B<nitems> curves will be
+returned. Otherwise the total number of curves will be provided. The return
+value is the total number of curves available (whether that number has been
+populated in B<r> or not). Passing a NULL B<r>, or setting B<nitems> to 0 will
+do nothing other than return the total number of curves available.
 The EC_builtin_curve structure is defined as follows:
 
  typedef struct {
@@ -107,24 +121,28 @@ The EC_builtin_curve structure is defined as follows:
         const char *comment;
         } EC_builtin_curve;
 
-Each EC_builtin_curve item has a unique integer id (B<nid>), and a human readable comment string describing the curve.
+Each EC_builtin_curve item has a unique integer id (B<nid>), and a human
+readable comment string describing the curve.
 
-In order to construct a builtin curve use the function EC_GROUP_new_by_curve_name and provide the B<nid> of the curve to
+In order to construct a builtin curve use the function
+EC_GROUP_new_by_curve_name() and provide the B<nid> of the curve to
 be constructed.
 
-EC_GROUP_free frees the memory associated with the EC_GROUP.
+EC_GROUP_free() frees the memory associated with the EC_GROUP.
 If B<group> is NULL nothing is done.
 
-EC_GROUP_clear_free destroys any sensitive data held within the EC_GROUP and then frees its memory.
-If B<group> is NULL nothing is done.
+EC_GROUP_clear_free() destroys any sensitive data held within the EC_GROUP and
+then frees its memory. If B<group> is NULL nothing is done.
 
 =head1 RETURN VALUES
 
-All EC_GROUP_new* functions return a pointer to the newly constructed group, or NULL on error.
+All EC_GROUP_new* functions return a pointer to the newly constructed group, or
+NULL on error.
 
-EC_get_builtin_curves returns the number of builtin curves that are available.
+EC_get_builtin_curves() returns the number of builtin curves that are available.
 
-EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, EC_GROUP_set_curve_GF2m, EC_GROUP_get_curve_GF2m return 1 on success or 0 on error.
+EC_GROUP_set_curve_GFp(), EC_GROUP_get_curve_GFp(), EC_GROUP_set_curve_GF2m(),
+EC_GROUP_get_curve_GF2m() return 1 on success or 0 on error.
 
 =head1 SEE ALSO
 
@@ -134,7 +152,7 @@ L<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EC_POINT_new.pod b/crypto/openssl/doc/man3/EC_POINT_new.pod
index 796f6666dd38b..8cadaa75f145d 100644
--- a/crypto/openssl/doc/man3/EC_POINT_new.pod
+++ b/crypto/openssl/doc/man3/EC_POINT_new.pod
@@ -171,6 +171,26 @@ The functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(),
 EC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from
 and to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively.
 
+The function EC_POINT_point2oct() encodes the given curve point B<p> as an
+octet string into the buffer B<buf> of size B<len>, using the specified
+conversion form B<form>.
+The encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve
+Cryptography") standard.
+Similarly the function EC_POINT_oct2point() decodes a curve point into B<p> from
+the octet string contained in the given buffer B<buf> of size B<len>, conforming
+to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard.
+
+The functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point B<p>,
+respectively, to the hexadecimal or BIGNUM representation of the same
+encoding of the function EC_POINT_point2oct().
+Vice versa, similarly to the function EC_POINT_oct2point(), the functions
+EC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or
+BIGNUM representation into the EC_POINT B<p>.
+
+Notice that, according to the standard, the octet string encoding of the point
+at infinity for a given curve is fixed to a single octet of value zero and that,
+vice versa, a single octet of size zero is decoded as the point at infinity.
+
 The function EC_POINT_point2oct() must be supplied with a buffer long enough to
 store the octet form. The return value provides the number of octets stored.
 Calling the function with a NULL buffer will not perform the conversion but
diff --git a/crypto/openssl/doc/man3/EVP_DigestInit.pod b/crypto/openssl/doc/man3/EVP_DigestInit.pod
index 3e3e342297634..434e22030fdd3 100644
--- a/crypto/openssl/doc/man3/EVP_DigestInit.pod
+++ b/crypto/openssl/doc/man3/EVP_DigestInit.pod
@@ -2,17 +2,17 @@
 
 =head1 NAME
 
-EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy_ex,
-EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags, EVP_MD_CTX_clear_flags,
-EVP_MD_CTX_test_flags, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
+EVP_MD_CTX_new, EVP_MD_CTX_reset, EVP_MD_CTX_free, EVP_MD_CTX_copy,
+EVP_MD_CTX_copy_ex, EVP_MD_CTX_ctrl, EVP_MD_CTX_set_flags,
+EVP_MD_CTX_clear_flags, EVP_MD_CTX_test_flags,
+EVP_Digest, EVP_DigestInit_ex, EVP_DigestInit, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_DigestFinalXOF, EVP_DigestFinal,
-EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
-EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size,
-EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_MD_CTX_md_data,
+EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_flags,
+EVP_MD_CTX_md, EVP_MD_CTX_type, EVP_MD_CTX_size, EVP_MD_CTX_block_size,
+EVP_MD_CTX_md_data, EVP_MD_CTX_update_fn, EVP_MD_CTX_set_update_fn,
 EVP_md_null,
-EVP_get_digestbyname, EVP_get_digestbynid,
-EVP_get_digestbyobj,
-EVP_MD_CTX_set_pkey_ctx - EVP digest routines
+EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj,
+EVP_MD_CTX_pkey_ctx, EVP_MD_CTX_set_pkey_ctx - EVP digest routines
 
 =head1 SYNOPSIS
 
@@ -26,6 +26,8 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines
  void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
  int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
 
+ int EVP_Digest(const void *data, size_t count, unsigned char *md,
+                unsigned int *size, const EVP_MD *type, ENGINE *impl);
  int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
  int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
  int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
@@ -42,12 +44,18 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines
  int EVP_MD_pkey_type(const EVP_MD *md);
  int EVP_MD_size(const EVP_MD *md);
  int EVP_MD_block_size(const EVP_MD *md);
+ unsigned long EVP_MD_flags(const EVP_MD *md);
 
  const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
- int EVP_MD_CTX_size(const EVP_MD *ctx);
- int EVP_MD_CTX_block_size(const EVP_MD *ctx);
- int EVP_MD_CTX_type(const EVP_MD *ctx);
+ int EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_block_size(const EVP_MD_CTX *ctx);
+ int EVP_MD_CTX_type(const EVP_MD_CTX *ctx);
  void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+ int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                              const void *data, size_t count);
+ void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                               int (*update)(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count));
 
  const EVP_MD *EVP_md_null(void);
 
@@ -55,6 +63,7 @@ EVP_MD_CTX_set_pkey_ctx - EVP digest routines
  const EVP_MD *EVP_get_digestbynid(int type);
  const EVP_MD *EVP_get_digestbyobj(const ASN1_OBJECT *o);
 
+ EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
  void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
 
 =head1 DESCRIPTION
@@ -79,12 +88,24 @@ Cleans up digest context B<ctx> and frees up the space allocated to it.
 
 =item EVP_MD_CTX_ctrl()
 
-Performs digest-specific control actions on context B<ctx>.
+Performs digest-specific control actions on context B<ctx>. The control command
+is indicated in B<cmd> and any additional arguments in B<p1> and B<p2>.
+EVP_MD_CTX_ctrl() must be called after EVP_DigestInit_ex(). Other restrictions
+may apply depending on the control type and digest implementation.
+See L</CONTROLS> below for more information.
 
 =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags()
 
 Sets, clears and tests B<ctx> flags.  See L</FLAGS> below for more information.
 
+=item EVP_Digest()
+
+A wrapper around the Digest Init_ex, Update and Final_ex functions.
+Hashes B<count> bytes of data at B<data> using a digest B<type> from ENGINE
+B<impl>. The digest value is placed in B<md> and its length is written at B<size>
+if the pointer is not NULL. At most B<EVP_MAX_MD_SIZE> bytes will be written.
+If B<impl> is NULL the default implementation of digest B<type> is used.
+
 =item EVP_DigestInit_ex()
 
 Sets up digest context B<ctx> to use a digest B<type> from ENGINE B<impl>.
@@ -122,7 +143,7 @@ few bytes.
 =item EVP_DigestInit()
 
 Behaves in the same way as EVP_DigestInit_ex() except it always uses the
-default digest implementation.
+default digest implementation and calls EVP_MD_CTX_reset().
 
 =item EVP_DigestFinal()
 
@@ -163,6 +184,21 @@ EVP_MD_meth_set_app_datasize().
 
 Returns the B<EVP_MD> structure corresponding to the passed B<EVP_MD_CTX>.
 
+=item EVP_MD_CTX_set_update_fn()
+
+Sets the update function for B<ctx> to B<update>.
+This is the function that is called by EVP_DigestUpdate. If not set, the
+update function from the B<EVP_MD> type specified at initialization is used.
+
+=item EVP_MD_CTX_update_fn()
+
+Returns the update function for B<ctx>.
+
+=item EVP_MD_flags()
+
+Returns the B<md> flags. Note that these are different from the B<EVP_MD_CTX>
+ones. See L<EVP_MD_meth_set_flags(3)> for more information.
+
 =item EVP_MD_pkey_type()
 
 Returns the NID of the public key signing algorithm associated with this
@@ -182,10 +218,15 @@ EVP_get_digestbyobj()
 Returns an B<EVP_MD> structure when passed a digest name, a digest B<NID> or an
 B<ASN1_OBJECT> structure respectively.
 
+=item EVP_MD_CTX_pkey_ctx()
+
+Returns the B<EVP_PKEY_CTX> assigned to B<ctx>. The returned pointer should not
+be freed by the caller.
+
 =item EVP_MD_CTX_set_pkey_ctx()
 
 Assigns an B<EVP_PKEY_CTX> to B<EVP_MD_CTX>. This is usually used to provide
-a customzied B<EVP_PKEY_CTX> to L<EVP_DigestSignInit(3)> or
+a customized B<EVP_PKEY_CTX> to L<EVP_DigestSignInit(3)> or
 L<EVP_DigestVerifyInit(3)>. The B<pctx> passed to this function should be freed
 by the caller. A NULL B<pctx> pointer is also allowed to clear the B<EVP_PKEY_CTX>
 assigned to B<ctx>. In such case, freeing the cleared B<EVP_PKEY_CTX> or not
@@ -193,6 +234,27 @@ depends on how the B<EVP_PKEY_CTX> is created.
 
 =back
 
+=head1 CONTROLS
+
+EVP_MD_CTX_ctrl() can be used to send the following standard controls:
+
+=over 4
+
+=item EVP_MD_CTRL_MICALG
+
+Gets the digest Message Integrity Check algorithm string. This is used when
+creating S/MIME multipart/signed messages, as specified in RFC 3851.
+The string value is written to B<p2>.
+
+=item EVP_MD_CTRL_XOF_LEN
+
+This control sets the digest length for extendable output functions to B<p1>.
+Sending this control directly should not be necessary, the use of
+C<EVP_DigestFinalXOF()> is preferred.
+Currently used by SHAKE.
+
+=back
+
 =head1 FLAGS
 
 EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags() and EVP_MD_CTX_test_flags()
@@ -245,8 +307,7 @@ Returns 1 if successful or 0 for failure.
 Returns 1 if successful or 0 for failure.
 
 =item EVP_MD_type(),
-EVP_MD_pkey_type(),
-EVP_MD_type()
+EVP_MD_pkey_type()
 
 Returns the NID of the corresponding OBJECT IDENTIFIER or NID_undef if none
 exists.
@@ -350,6 +411,7 @@ digest name passed on the command line.
 
 =head1 SEE ALSO
 
+L<EVP_MD_meth_new(3)>,
 L<dgst(1)>,
 L<evp(7)>
 
diff --git a/crypto/openssl/doc/man3/EVP_DigestSignInit.pod b/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
index 0bbc3d0ff8f34..912880a5e1c5c 100644
--- a/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
+++ b/crypto/openssl/doc/man3/EVP_DigestSignInit.pod
@@ -36,7 +36,7 @@ EVP_MD_CTX is freed).
 The digest B<type> may be NULL if the signing algorithm supports it.
 
 No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit() if the passed B<ctx>
-has already been assigned one via L<EVP_MD_CTX_set_ctx(3)>. See also L<SM2(7)>.
+has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>. See also L<SM2(7)>.
 
 Only EVP_PKEY types that support signing can be used with these functions. This
 includes MAC algorithms where the MAC generation is considered as a form of
@@ -102,10 +102,8 @@ EVP_DigestSignFinal().
 
 =head1 RETURN VALUES
 
-EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignaFinal() and
-EVP_DigestSign() return 1 for success and 0 or a negative value for failure. In
-particular, a return value of -2 indicates the operation is not supported by the
-public key algorithm.
+EVP_DigestSignInit(), EVP_DigestSignUpdate(), EVP_DigestSignFinal() and
+EVP_DigestSign() return 1 for success and 0 for failure.
 
 The error codes can be obtained from L<ERR_get_error(3)>.
 
@@ -158,7 +156,7 @@ were added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod b/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
index 05b99bb913ce3..0806cd5d58c4d 100644
--- a/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
+++ b/crypto/openssl/doc/man3/EVP_DigestVerifyInit.pod
@@ -33,7 +33,7 @@ inside EVP_DigestVerifyInit() and it will be freed automatically when the
 EVP_MD_CTX is freed).
 
 No B<EVP_PKEY_CTX> will be created by EVP_DigestSignInit() if the passed B<ctx>
-has already been assigned one via L<EVP_MD_CTX_set_ctx(3)>. See also L<SM2(7)>.
+has already been assigned one via L<EVP_MD_CTX_set_pkey_ctx(3)>. See also L<SM2(7)>.
 
 EVP_DigestVerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
 verification context B<ctx>. This function can be called several times on the
diff --git a/crypto/openssl/doc/man3/EVP_EncryptInit.pod b/crypto/openssl/doc/man3/EVP_EncryptInit.pod
index 6b068617b0adc..aaf9975c4c267 100644
--- a/crypto/openssl/doc/man3/EVP_EncryptInit.pod
+++ b/crypto/openssl/doc/man3/EVP_EncryptInit.pod
@@ -492,6 +492,15 @@ EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
 EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
 existing context without allocating and freeing it up on each call.
 
+There are some differences between functions EVP_CipherInit() and
+EVP_CipherInit_ex(), significant in some circumstances. EVP_CipherInit() fills
+the passed context object with zeros.  As a consequence, EVP_CipherInit() does
+not allow step-by-step initialization of the ctx when the I<key> and I<iv> are
+passed in separate calls. It also means that the flags set for the CTX are
+removed, and it is especially important for the
+B<EVP_CIPHER_CTX_FLAG_WRAP_ALLOW> flag treated specially in
+EVP_CipherInit_ex().
+
 EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros.
 
 =head1 BUGS
diff --git a/crypto/openssl/doc/man3/EVP_MD_meth_new.pod b/crypto/openssl/doc/man3/EVP_MD_meth_new.pod
index 0265c7d50456e..e17a4cd519abe 100644
--- a/crypto/openssl/doc/man3/EVP_MD_meth_new.pod
+++ b/crypto/openssl/doc/man3/EVP_MD_meth_new.pod
@@ -84,7 +84,12 @@ together.  The available flags are:
 
 =item EVP_MD_FLAG_ONESHOT
 
-This digest method can only handles one block of input.
+This digest method can only handle one block of input.
+
+=item EVP_MD_FLAG_XOF
+
+This digest method is an extensible-output function (XOF) and supports
+the B<EVP_MD_CTRL_XOF_LEN> control.
 
 =item EVP_MD_FLAG_DIGALGID_NULL
 
@@ -105,19 +110,24 @@ B<EVP_MD_FLAG_DIGALGID_ABSENT> as default.  I<Note: if combined with
 EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
 Currently unused.
 
+=item EVP_MD_FLAG_FIPS
+
+This digest method is suitable for use in FIPS mode.
+Currently unused.
+
 =back
 
 EVP_MD_meth_set_init() sets the digest init function for B<md>.
-The digest init function is called by EVP_DigestInit(),
+The digest init function is called by EVP_Digest(), EVP_DigestInit(),
 EVP_DigestInit_ex(), EVP_SignInit, EVP_SignInit_ex(), EVP_VerifyInit()
 and EVP_VerifyInit_ex().
 
 EVP_MD_meth_set_update() sets the digest update function for B<md>.
-The digest update function is called by EVP_DigestUpdate(),
+The digest update function is called by EVP_Digest(), EVP_DigestUpdate() and
 EVP_SignUpdate().
 
 EVP_MD_meth_set_final() sets the digest final function for B<md>.
-The digest final function is called by EVP_DigestFinal(),
+The digest final function is called by EVP_Digest(), EVP_DigestFinal(),
 EVP_DigestFinal_ex(), EVP_SignFinal() and EVP_VerifyFinal().
 
 EVP_MD_meth_set_copy() sets the function for B<md> to do extra
@@ -138,6 +148,7 @@ This cleanup function is called by EVP_MD_CTX_reset() and
 EVP_MD_CTX_free().
 
 EVP_MD_meth_set_ctrl() sets the control function for B<md>.
+See L<EVP_MD_CTX_ctrl(3)> for the available controls.
 
 EVP_MD_meth_get_input_blocksize(), EVP_MD_meth_get_result_size(),
 EVP_MD_meth_get_app_datasize(), EVP_MD_meth_get_flags(),
@@ -169,7 +180,7 @@ The B<EVP_MD> structure was openly available in OpenSSL before version
 
 =head1 COPYRIGHT
 
-Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 75fad0f70ce0d..16d8462a42637 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -23,6 +23,8 @@ EVP_PKEY_CTX_get_rsa_oaep_md,
 EVP_PKEY_CTX_set0_rsa_oaep_label,
 EVP_PKEY_CTX_get0_rsa_oaep_label,
 EVP_PKEY_CTX_set_dsa_paramgen_bits,
+EVP_PKEY_CTX_set_dsa_paramgen_q_bits,
+EVP_PKEY_CTX_set_dsa_paramgen_md,
 EVP_PKEY_CTX_set_dh_paramgen_prime_len,
 EVP_PKEY_CTX_set_dh_paramgen_subprime_len,
 EVP_PKEY_CTX_set_dh_paramgen_generator,
@@ -93,6 +95,8 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
  #include <openssl/dsa.h>
 
  int EVP_PKEY_CTX_set_dsa_paramgen_bits(EVP_PKEY_CTX *ctx, int nbits);
+ int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(EVP_PKEY_CTX *ctx, int qbits);
+ int EVP_PKEY_CTX_set_dsa_paramgen_md(EVP_PKEY_CTX *ctx, const EVP_MD *md);
 
  #include <openssl/dh.h>
 
@@ -255,7 +259,17 @@ by the library and should not be freed by the caller.
 =head2 DSA parameters
 
 The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used
-for DSA parameter generation to B<bits>. If not specified 1024 is used.
+for DSA parameter generation to B<nbits>. If not specified, 1024 is used.
+
+The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the
+subprime parameter B<q> for DSA parameter generation to B<qbits>. If not
+specified, 160 is used. If a digest function is specified below, this parameter
+is ignored and instead, the number of bits in B<q> matches the size of the
+digest.
+
+The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for
+DSA parameter generation to B<md>. If not specified, one of SHA-1, SHA-224, or
+SHA-256 is selected to match the bit length of B<q> above.
 
 =head2 DH parameters
 
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod
index 8a167ce0d6ff0..106873d9acc19 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_meth_new.pod
@@ -8,14 +8,18 @@ EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup,
 EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign,
 EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx,
 EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
-EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check,
+EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl,
+EVP_PKEY_meth_set_digestsign, EVP_PKEY_meth_set_digestverify,
+EVP_PKEY_meth_set_check,
 EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check,
 EVP_PKEY_meth_set_digest_custom,
 EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup,
 EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign,
 EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx,
 EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
-EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check,
+EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl,
+EVP_PKEY_meth_get_digestsign, EVP_PKEY_meth_get_digestverify,
+EVP_PKEY_meth_get_check,
 EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check,
 EVP_PKEY_meth_get_digest_custom,
 EVP_PKEY_meth_remove
@@ -112,6 +116,18 @@ EVP_PKEY_meth_remove
                              int (*ctrl_str) (EVP_PKEY_CTX *ctx,
                                               const char *type,
                                               const char *value));
+ void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+                                   int (*digestsign) (EVP_MD_CTX *ctx,
+                                                      unsigned char *sig,
+                                                      size_t *siglen,
+                                                      const unsigned char *tbs,
+                                                      size_t tbslen));
+ void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+                                     int (*digestverify) (EVP_MD_CTX *ctx,
+                                                          const unsigned char *sig,
+                                                          size_t siglen,
+                                                          const unsigned char *tbs,
+                                                          size_t tbslen));
  void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
                               int (*check) (EVP_PKEY *pkey));
  void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
@@ -200,6 +216,18 @@ EVP_PKEY_meth_remove
                              int (**pctrl_str) (EVP_PKEY_CTX *ctx,
                                                 const char *type,
                                                 const char *value));
+ void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+                                   int (**digestsign) (EVP_MD_CTX *ctx,
+                                                       unsigned char *sig,
+                                                       size_t *siglen,
+                                                       const unsigned char *tbs,
+                                                       size_t tbslen));
+ void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+                                     int (**digestverify) (EVP_MD_CTX *ctx,
+                                                           const unsigned char *sig,
+                                                           size_t siglen,
+                                                           const unsigned char *tbs,
+                                                           size_t tbslen));
  void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
                               int (**pcheck) (EVP_PKEY *pkey));
  void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_new.pod b/crypto/openssl/doc/man3/EVP_PKEY_new.pod
index ebe20986dba14..667269cc624e5 100644
--- a/crypto/openssl/doc/man3/EVP_PKEY_new.pod
+++ b/crypto/openssl/doc/man3/EVP_PKEY_new.pod
@@ -72,21 +72,24 @@ EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
 New applications should use EVP_PKEY_new_raw_private_key() instead.
 
 EVP_PKEY_get_raw_private_key() fills the buffer provided by B<priv> with raw
-private key data. The number of bytes written is populated in B<*len>. If the
-buffer B<priv> is NULL then B<*len> is populated with the number of bytes
-required to hold the key. The calling application is responsible for ensuring
-that the buffer is large enough to receive the private key data. This function
-only works for algorithms that support raw private keys. Currently this is:
-B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>,
-B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
+private key data. The size of the B<priv> buffer should be in B<*len> on entry
+to the function, and on exit B<*len> is updated with the number of bytes
+actually written. If the buffer B<priv> is NULL then B<*len> is populated with
+the number of bytes required to hold the key. The calling application is
+responsible for ensuring that the buffer is large enough to receive the private
+key data. This function only works for algorithms that support raw private keys.
+Currently this is: B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>,
+B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
 
 EVP_PKEY_get_raw_public_key() fills the buffer provided by B<pub> with raw
-public key data. The number of bytes written is populated in B<*len>. If the
-buffer B<pub> is NULL then B<*len> is populated with the number of bytes
-required to hold the key. The calling application is responsible for ensuring
-that the buffer is large enough to receive the public key data. This function
-only works for algorithms that support raw public  keys. Currently this is:
-B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
+public key data. The size of the B<pub> buffer should be in B<*len> on entry
+to the function, and on exit B<*len> is updated with the number of bytes
+actually written. If the buffer B<pub> is NULL then B<*len> is populated with
+the number of bytes required to hold the key. The calling application is
+responsible for ensuring that the buffer is large enough to receive the public
+key data. This function only works for algorithms that support raw public  keys.
+Currently this is: B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or
+B<EVP_PKEY_ED448>.
 
 =head1 NOTES
 
@@ -126,7 +129,7 @@ EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/EVP_PKEY_size.pod b/crypto/openssl/doc/man3/EVP_PKEY_size.pod
new file mode 100644
index 0000000000000..786c5039142c2
--- /dev/null
+++ b/crypto/openssl/doc/man3/EVP_PKEY_size.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_size, EVP_PKEY_bits, EVP_PKEY_security_bits
+- EVP_PKEY information functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_size(const EVP_PKEY *pkey);
+ int EVP_PKEY_bits(const EVP_PKEY *pkey);
+ int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_size() returns the maximum suitable size for the output
+buffers for almost all operations that can be done with I<pkey>.
+The primary documented use is with L<EVP_SignFinal(3)> and
+L<EVP_SealInit(3)>, but it isn't limited there.  The returned size is
+also large enough for the output buffer of L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_encrypt(3)>, L<EVP_PKEY_decrypt(3)>, L<EVP_PKEY_derive(3)>.
+
+It must be stressed that, unless the documentation for the operation
+that's being performed says otherwise, the size returned by
+EVP_PKEY_size() is only preliminary and not exact, so the final
+contents of the target buffer may be smaller.  It is therefore crucial
+to take note of the size given back by the function that performs the
+operation, such as L<EVP_PKEY_sign(3)> (the I<siglen> argument will
+receive that length), to avoid bugs.
+
+EVP_PKEY_bits() returns the cryptographic length of the cryptosystem
+to which the key in I<pkey> belongs, in bits.  Note that the definition
+of cryptographic length is specific to the key cryptosystem.
+
+EVP_PKEY_security_bits() returns the number of security bits of the given
+I<pkey>, bits of security is defined in NIST SP800-57.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits() return a
+positive number, or 0 if this size isn't available.
+
+=head1 NOTES
+
+Most functions that have an output buffer and are mentioned with
+EVP_PKEY_size() have a functionality where you can pass NULL for the
+buffer and still pass a pointer to an integer and get the exact size
+that this function call delivers in the context that it's called in.
+This allows those functions to be called twice, once to find out the
+exact buffer size, then allocate the buffer in between, and call that
+function again actually output the data.  For those functions, it
+isn't strictly necessary to call EVP_PKEY_size() to find out the
+buffer size, but may be useful in cases where it's desirable to know
+the upper limit in advance.
+
+It should also be especially noted that EVP_PKEY_size() shouldn't be
+used to get the output size for EVP_DigestSignFinal(), according to
+L<EVP_DigestSignFinal(3)/NOTES>.
+
+=head1 SEE ALSO
+
+L<EVP_SignFinal(3)>,
+L<EVP_SealInit(3)>,
+L<EVP_PKEY_sign(3)>,
+L<EVP_PKEY_encrypt(3)>,
+L<EVP_PKEY_decrypt(3)>,
+L<EVP_PKEY_derive(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/crypto/openssl/doc/man3/EVP_SignInit.pod b/crypto/openssl/doc/man3/EVP_SignInit.pod
index c26b7f7d5d220..22ce747d333f7 100644
--- a/crypto/openssl/doc/man3/EVP_SignInit.pod
+++ b/crypto/openssl/doc/man3/EVP_SignInit.pod
@@ -2,10 +2,8 @@
 
 =head1 NAME
 
-EVP_PKEY_size,
-EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal,
-EVP_PKEY_security_bits - EVP signing
-functions
+EVP_SignInit, EVP_SignInit_ex, EVP_SignUpdate, EVP_SignFinal
+- EVP signing functions
 
 =head1 SYNOPSIS
 
@@ -17,49 +15,36 @@ functions
 
  void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
 
- int EVP_PKEY_size(const EVP_PKEY *pkey);
- int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
-
 =head1 DESCRIPTION
 
 The EVP signature routines are a high level interface to digital
 signatures.
 
-EVP_SignInit_ex() sets up signing context B<ctx> to use digest
-B<type> from ENGINE B<impl>. B<ctx> must be created with
+EVP_SignInit_ex() sets up signing context I<ctx> to use digest
+I<type> from B<ENGINE> I<impl>. I<ctx> must be created with
 EVP_MD_CTX_new() before calling this function.
 
-EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
-signature context B<ctx>. This function can be called several times on the
-same B<ctx> to include additional data.
+EVP_SignUpdate() hashes I<cnt> bytes of data at I<d> into the
+signature context I<ctx>. This function can be called several times on the
+same I<ctx> to include additional data.
 
-EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> and
-places the signature in B<sig>. B<sig> must be at least EVP_PKEY_size(pkey)
-bytes in size. B<s> is an OUT parameter, and not used as an IN parameter.
+EVP_SignFinal() signs the data in I<ctx> using the private key I<pkey> and
+places the signature in I<sig>. I<sig> must be at least C<EVP_PKEY_size(pkey)>
+bytes in size. I<s> is an OUT parameter, and not used as an IN parameter.
 The number of bytes of data written (i.e. the length of the signature)
-will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written to the integer at I<s>, at most C<EVP_PKEY_size(pkey)> bytes
 will be written.
 
-EVP_SignInit() initializes a signing context B<ctx> to use the default
-implementation of digest B<type>.
-
-EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
-signature returned by EVP_SignFinal() may be smaller.
-
-EVP_PKEY_security_bits() returns the number of security bits of the given B<pkey>,
-bits of security is defined in NIST SP800-57.
+EVP_SignInit() initializes a signing context I<ctx> to use the default
+implementation of digest I<type>.
 
 =head1 RETURN VALUES
 
 EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
 for success and 0 for failure.
 
-EVP_PKEY_size() returns the maximum size of a signature in bytes.
-
 The error codes can be obtained by L<ERR_get_error(3)>.
 
-EVP_PKEY_security_bits() returns the number of security bits.
-
 =head1 NOTES
 
 The B<EVP> interface to digital signatures should almost always be used in
@@ -95,6 +80,7 @@ The previous two bugs are fixed in the newer EVP_SignDigest*() function.
 
 =head1 SEE ALSO
 
+L<EVP_PKEY_size(3)>, L<EVP_PKEY_bits(3)>, L<EVP_PKEY_security_bits(3)>,
 L<EVP_VerifyInit(3)>,
 L<EVP_DigestInit(3)>,
 L<evp(7)>, L<HMAC(3)>, L<MD2(3)>,
@@ -103,7 +89,7 @@ L<SHA1(3)>, L<dgst(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod b/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod
index 66e4c7b8fb78b..81bf645108f3d 100644
--- a/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod
+++ b/crypto/openssl/doc/man3/OCSP_request_add1_nonce.pod
@@ -24,7 +24,7 @@ it adds a nonce to OCSP basic response B<resp>.
 
 OCSP_check_nonce() compares the nonce value in B<req> and B<resp>.
 
-OCSP_copy_nonce() copys any nonce value present in B<req> to B<resp>.
+OCSP_copy_nonce() copies any nonce value present in B<req> to B<resp>.
 
 =head1 RETURN VALUES
 
@@ -74,7 +74,7 @@ L<OCSP_sendreq_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OCSP_response_status.pod b/crypto/openssl/doc/man3/OCSP_response_status.pod
index 82f95b3af1d19..e7e22e4cb5494 100644
--- a/crypto/openssl/doc/man3/OCSP_response_status.pod
+++ b/crypto/openssl/doc/man3/OCSP_response_status.pod
@@ -58,7 +58,7 @@ with the X509 certificate B<cert>.
 
 OCSP_basic_sign() signs OCSP response B<brsp> using certificate B<signer>, private key
 B<key>, digest B<dgst> and additional certificates B<certs>. If the B<flags> option
-B<OCSP_NOCERTS> is set then no certificates will be included in the request. If the
+B<OCSP_NOCERTS> is set then no certificates will be included in the response. If the
 B<flags> option B<OCSP_RESPID_KEY> is set then the responder is identified by key ID
 rather than by name. OCSP_basic_sign_ctx() also signs OCSP response B<brsp> but
 uses the parameters contained in digest context B<ctx>.
@@ -107,7 +107,7 @@ The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OCSP_sendreq_new.pod b/crypto/openssl/doc/man3/OCSP_sendreq_new.pod
index 65ba235c104ea..a129a16bf23c1 100644
--- a/crypto/openssl/doc/man3/OCSP_sendreq_new.pod
+++ b/crypto/openssl/doc/man3/OCSP_sendreq_new.pod
@@ -24,8 +24,7 @@ OCSP_REQ_CTX_set1_req, OCSP_sendreq_bio - OCSP responder query functions
 
  int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
 
- OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req,
-                                 int maxline);
+ OCSP_RESPONSE *OCSP_sendreq_bio(BIO *io, const char *path, OCSP_REQUEST *req);
 
 =head1 DESCRIPTION
 
@@ -54,8 +53,8 @@ OCSP_REQ_CTX_set1_req() sets the OCSP request in B<rctx> to B<req>. This
 function should be called after any calls to OCSP_REQ_CTX_add1_header().
 
 OCSP_sendreq_bio() performs an OCSP request using the responder B<io>, the URL
-path B<path>, the OCSP request B<req> and with a response header maximum line
-length of B<maxline>. If B<maxline> is zero a default value of 4k is used.
+path B<path>, and the OCSP request B<req> with a response header maximum line
+length 4k. It waits indefinitely on a response.
 
 =head1 RETURN VALUES
 
@@ -112,7 +111,7 @@ L<OCSP_response_status(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OPENSSL_malloc.pod b/crypto/openssl/doc/man3/OPENSSL_malloc.pod
index 2d678c951f0ae..c60e038309a1d 100644
--- a/crypto/openssl/doc/man3/OPENSSL_malloc.pod
+++ b/crypto/openssl/doc/man3/OPENSSL_malloc.pod
@@ -160,7 +160,7 @@ about what is being done.
 For example, identifying the field names when parsing a complicated
 data structure.
 OPENSSL_mem_debug_push() (which calls CRYPTO_mem_debug_push())
-attachs an identifying string to the allocation stack.
+attaches an identifying string to the allocation stack.
 This must be a global or other static string; it is not copied.
 OPENSSL_mem_debug_pop() removes identifying state from the stack.
 
@@ -245,7 +245,7 @@ only, say, the malloc() implementation is outright dangerous.>
 
 =head1 COPYRIGHT
 
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
index 6c395383513b7..86c2522afe492 100644
--- a/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
+++ b/crypto/openssl/doc/man3/OPENSSL_secure_malloc.pod
@@ -7,6 +7,7 @@ CRYPTO_secure_malloc_done, OPENSSL_secure_malloc, CRYPTO_secure_malloc,
 OPENSSL_secure_zalloc, CRYPTO_secure_zalloc, OPENSSL_secure_free,
 CRYPTO_secure_free, OPENSSL_secure_clear_free,
 CRYPTO_secure_clear_free, OPENSSL_secure_actual_size,
+CRYPTO_secure_allocated,
 CRYPTO_secure_used - secure heap storage
 
 =head1 SYNOPSIS
@@ -33,6 +34,7 @@ CRYPTO_secure_used - secure heap storage
 
  size_t OPENSSL_secure_actual_size(const void *ptr);
 
+ int CRYPTO_secure_allocated(const void *ptr);
  size_t CRYPTO_secure_used();
 
 =head1 DESCRIPTION
@@ -90,6 +92,8 @@ OPENSSL_secure_actual_size() tells the actual size allocated to the
 pointer; implementations may allocate more space than initially
 requested, in order to "round up" and reduce secure heap fragmentation.
 
+OPENSSL_secure_allocated() tells if a pointer is allocated in the secure heap.
+
 CRYPTO_secure_used() returns the number of bytes allocated in the
 secure heap.
 
diff --git a/crypto/openssl/doc/man3/PEM_bytes_read_bio.pod b/crypto/openssl/doc/man3/PEM_bytes_read_bio.pod
index 3a5bfee9969f8..eb2fb2059ee7b 100644
--- a/crypto/openssl/doc/man3/PEM_bytes_read_bio.pod
+++ b/crypto/openssl/doc/man3/PEM_bytes_read_bio.pod
@@ -17,7 +17,8 @@ PEM_bytes_read_bio, PEM_bytes_read_bio_secmem - read a PEM-encoded data structur
 
 =head1 DESCRIPTION
 
-PEM_bytes_read_bio() reads PEM-formatted (RFC 1421) data from the BIO
+PEM_bytes_read_bio() reads PEM-formatted (IETF RFC 1421 and IETF RFC 7468)
+data from the BIO
 I<bp> for the data type given in I<name> (RSA PRIVATE KEY, CERTIFICATE,
 etc.).  If multiple PEM-encoded data structures are present in the same
 stream, PEM_bytes_read_bio() will skip non-matching data types and
@@ -66,7 +67,6 @@ PEM_bytes_read_bio() and PEM_bytes_read_bio_secmem() return 1 for success or
 
 =head1 SEE ALSO
 
-L<PEM(3)>,
 L<PEM_read_bio_ex(3)>,
 L<passphrase-encoding(7)>
 
diff --git a/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod b/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod
index 7c381e85feff7..a8306500fb3c5 100644
--- a/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod
+++ b/crypto/openssl/doc/man3/PEM_read_bio_PrivateKey.pod
@@ -15,7 +15,8 @@ PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY,
 PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey,
 PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey,
 PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY,
-PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams,
+PEM_write_DSA_PUBKEY, PEM_read_bio_Parameters, PEM_write_bio_Parameters,
+PEM_read_bio_DSAparams, PEM_read_DSAparams,
 PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams,
 PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams,
 PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509,
@@ -110,6 +111,9 @@ PEM_write_bio_PKCS7, PEM_write_PKCS7 - PEM routines
  int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
  int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
 
+ EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+ int PEM_write_bio_Parameters(BIO *bp, const EVP_PKEY *x);
+
  DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
  DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
  int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
@@ -216,6 +220,12 @@ a DSA structure. The public key is encoded using a
 SubjectPublicKeyInfo structure and an error occurs if the public
 key is not DSA.
 
+The B<Parameters> functions read or write key parameters in PEM format using
+an EVP_PKEY structure.  The encoding depends on the type of key; for DSA key
+parameters, it will be a Dss-Parms structure as defined in RFC2459, and for DH
+key parameters, it will be a PKCS#3 DHparameter structure.  I<These functions
+only exist for the B<BIO> type>.
+
 The B<DSAparams> functions process DSA parameters using a DSA
 structure. The parameters are encoded using a Dss-Parms structure
 as defined in RFC2459.
diff --git a/crypto/openssl/doc/man3/PEM_read_bio_ex.pod b/crypto/openssl/doc/man3/PEM_read_bio_ex.pod
index a16b0ede5a9c3..9748e74e0f77d 100644
--- a/crypto/openssl/doc/man3/PEM_read_bio_ex.pod
+++ b/crypto/openssl/doc/man3/PEM_read_bio_ex.pod
@@ -52,7 +52,7 @@ PEM_read_bio_ex() returns 1 for success or 0 for failure.
 
 =head1 SEE ALSO
 
-L<PEM(3)>
+L<PEM_bytes_read_bio(3)>
 
 =head1 HISTORY
 
diff --git a/crypto/openssl/doc/man3/RAND_bytes.pod b/crypto/openssl/doc/man3/RAND_bytes.pod
index e2265d170a619..c44c2f9676075 100644
--- a/crypto/openssl/doc/man3/RAND_bytes.pod
+++ b/crypto/openssl/doc/man3/RAND_bytes.pod
@@ -19,8 +19,8 @@ Deprecated:
 
 =head1 DESCRIPTION
 
-RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
-into B<buf>.
+RAND_bytes() generates B<num> random bytes using a cryptographically
+secure pseudo random generator (CSPRNG) and stores them in B<buf>.
 
 RAND_priv_bytes() has the same semantics as RAND_bytes().  It is intended to
 be used for generating values that should remain private. If using the
@@ -31,10 +31,22 @@ and L<RAND_DRBG(7)>.
 
 =head1 NOTES
 
-Always check the error return value of RAND_bytes() and
-RAND_priv_bytes() and do not take randomness for granted: an error occurs
-if the CSPRNG has not been seeded with enough randomness to ensure an
-unpredictable byte sequence.
+By default, the OpenSSL CSPRNG supports a security level of 256 bits, provided it
+was able to seed itself from a trusted entropy source.
+On all major platforms supported by OpenSSL (including the Unix-like platforms
+and Windows), OpenSSL is configured to automatically seed the CSPRNG on first use
+using the operating systems's random generator.
+
+If the entropy source fails or is not available, the CSPRNG will enter an
+error state and refuse to generate random bytes. For that reason, it is important
+to always check the error return value of RAND_bytes() and RAND_priv_bytes() and
+not take randomness for granted.
+
+On other platforms, there might not be a trusted entropy source available
+or OpenSSL might have been explicitly configured to use different entropy sources.
+If you are in doubt about the quality of the entropy source, don't hesitate to ask
+your operating system vendor or post a question on GitHub or the openssl-users
+mailing list.
 
 =head1 RETURN VALUES
 
@@ -68,7 +80,7 @@ The RAND_priv_bytes() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/RAND_set_rand_method.pod b/crypto/openssl/doc/man3/RAND_set_rand_method.pod
index 83a6cac17a51d..b120e712e6f3d 100644
--- a/crypto/openssl/doc/man3/RAND_set_rand_method.pod
+++ b/crypto/openssl/doc/man3/RAND_set_rand_method.pod
@@ -48,7 +48,7 @@ Each pointer may be NULL if the function is not implemented.
 
 =head1 RETURN VALUES
 
-RAND_set_rand_method() returns 1 on success and 0 on failue.
+RAND_set_rand_method() returns 1 on success and 0 on failure.
 RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective
 methods.
 
diff --git a/crypto/openssl/doc/man3/RSA_get0_key.pod b/crypto/openssl/doc/man3/RSA_get0_key.pod
index 358c2de256f93..adcd57c490713 100644
--- a/crypto/openssl/doc/man3/RSA_get0_key.pod
+++ b/crypto/openssl/doc/man3/RSA_get0_key.pod
@@ -5,7 +5,7 @@
 RSA_set0_key, RSA_set0_factors, RSA_set0_crt_params, RSA_get0_key,
 RSA_get0_factors, RSA_get0_crt_params,
 RSA_get0_n, RSA_get0_e, RSA_get0_d, RSA_get0_p, RSA_get0_q,
-RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp,
+RSA_get0_dmp1, RSA_get0_dmq1, RSA_get0_iqmp, RSA_get0_pss_params,
 RSA_clear_flags,
 RSA_test_flags, RSA_set_flags, RSA_get0_engine, RSA_get_multi_prime_extra_count,
 RSA_get0_multi_prime_factors, RSA_get0_multi_prime_crt_params,
@@ -33,6 +33,7 @@ RSA_set0_multi_prime_params, RSA_get_version
  const BIGNUM *RSA_get0_dmp1(const RSA *r);
  const BIGNUM *RSA_get0_dmq1(const RSA *r);
  const BIGNUM *RSA_get0_iqmp(const RSA *r);
+ const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
  void RSA_clear_flags(RSA *r, int flags);
  int RSA_test_flags(const RSA *r, int flags);
  void RSA_set_flags(RSA *r, int flags);
@@ -98,6 +99,8 @@ retrieved separately by the corresponding function
 RSA_get0_n(), RSA_get0_e(), RSA_get0_d(), RSA_get0_p(), RSA_get0_q(),
 RSA_get0_dmp1(), RSA_get0_dmq1(), and RSA_get0_iqmp(), respectively.
 
+RSA_get0_pss_params() is used to retrieve the RSA-PSS parameters.
+
 RSA_set_flags() sets the flags in the B<flags> parameter on the RSA
 object. Multiple flags can be passed in one go (bitwise ORed together).
 Any flags that are already set are left set. RSA_test_flags() tests to
@@ -157,6 +160,8 @@ L<RSA_new(3)>, L<RSA_size(3)>
 
 =head1 HISTORY
 
+The RSA_get0_pss_params() function was added in OpenSSL 1.1.1e.
+
 The
 RSA_get_multi_prime_extra_count(), RSA_get0_multi_prime_factors(),
 RSA_get0_multi_prime_crt_params(), RSA_set0_multi_prime_params(),
diff --git a/crypto/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod
index 774c4b120f6e3..d30f84d78a28c 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_sess_set_get_cb.pod
@@ -28,19 +28,19 @@ SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SS
 
 =head1 DESCRIPTION
 
-SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
+SSL_CTX_sess_set_new_cb() sets the callback function that is
 called whenever a new session was negotiated.
 
-SSL_CTX_sess_set_remove_cb() sets the callback function, which is
-automatically called whenever a session is removed by the SSL engine,
-because it is considered faulty or the session has become obsolete because
-of exceeding the timeout value.
+SSL_CTX_sess_set_remove_cb() sets the callback function that is
+called whenever a session is removed by the SSL engine.  For example,
+this can occur because a session is considered faulty or has become obsolete
+because of exceeding the timeout value.
 
-SSL_CTX_sess_set_get_cb() sets the callback function which is called,
-whenever a SSL/TLS client proposed to resume a session but the session
+SSL_CTX_sess_set_get_cb() sets the callback function that is called
+whenever a TLS client proposed to resume a session but the session
 could not be found in the internal session cache (see
 L<SSL_CTX_set_session_cache_mode(3)>).
-(SSL/TLS server only.)
+(TLS server only.)
 
 SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
 SSL_CTX_sess_get_get_cb() retrieve the function pointers set by the
@@ -54,12 +54,19 @@ session cache is realized via callback functions. Inside these callback
 functions, session can be saved to disk or put into a database using the
 L<d2i_SSL_SESSION(3)> interface.
 
-The new_session_cb() is called, whenever a new session has been negotiated
-and session caching is enabled (see
-L<SSL_CTX_set_session_cache_mode(3)>).
-The new_session_cb() is passed the B<ssl> connection and the ssl session
-B<sess>. If the callback returns B<0>, the session will be immediately
-removed again. Note that in TLSv1.3, sessions are established after the main
+The new_session_cb() is called whenever a new session has been negotiated and
+session caching is enabled (see L<SSL_CTX_set_session_cache_mode(3)>).  The
+new_session_cb() is passed the B<ssl> connection and the nascent
+ssl session B<sess>.
+Since sessions are reference-counted objects, the reference count on the
+session is incremented before the callback, on behalf of the application.  If
+the callback returns B<0>, the session will be immediately removed from the
+internal cache and the reference count released. If the callback returns B<1>,
+the application retains the reference (for an entry in the
+application-maintained "external session cache"), and is responsible for
+calling SSL_SESSION_free() when the session reference is no longer in use.
+
+Note that in TLSv1.3, sessions are established after the main
 handshake has completed. The server decides when to send the client the session
 information and this may occur some time after the end of the handshake (or not
 at all). This means that applications should expect the new_session_cb()
@@ -72,21 +79,23 @@ In TLSv1.3 it is recommended that each SSL_SESSION object is only used for
 resumption once. One way of enforcing that is for applications to call
 L<SSL_CTX_remove_session(3)> after a session has been used.
 
-The remove_session_cb() is called, whenever the SSL engine removes a session
-from the internal cache. This happens when the session is removed because
+The remove_session_cb() is called whenever the SSL engine removes a session
+from the internal cache. This can happen when the session is removed because
 it is expired or when a connection was not shutdown cleanly. It also happens
 for all sessions in the internal session cache when
 L<SSL_CTX_free(3)> is called. The remove_session_cb() is passed
 the B<ctx> and the ssl session B<sess>. It does not provide any feedback.
 
-The get_session_cb() is only called on SSL/TLS servers with the session id
-proposed by the client. The get_session_cb() is always called, also when
+The get_session_cb() is only called on SSL/TLS servers, and is given
+the session id
+proposed by the client. The get_session_cb() is always called, even when
 session caching was disabled. The get_session_cb() is passed the
-B<ssl> connection, the session id of length B<length> at the memory location
-B<data>. With the parameter B<copy> the callback can require the
-SSL engine to increment the reference count of the SSL_SESSION object,
-Normally the reference count is not incremented and therefore the
-session must not be explicitly freed with
+B<ssl> connection and the session id of length B<length> at the memory location
+B<data>. By setting the parameter B<copy> to B<1>, the callback can require the
+SSL engine to increment the reference count of the SSL_SESSION object;
+setting B<copy> to B<0> causes the reference count to remain unchanged.
+If the get_session_cb() does not write to B<copy>, the reference count
+is incremented and the session must be explicitly freed with
 L<SSL_SESSION_free(3)>.
 
 =head1 RETURN VALUES
@@ -104,7 +113,7 @@ L<SSL_CTX_free(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod b/crypto/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod
index f29153ed25d8a..aa167f6332ed5 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_stateless_cookie_generate_cb.pod
@@ -3,7 +3,9 @@
 =head1 NAME
 
 SSL_CTX_set_stateless_cookie_generate_cb,
-SSL_CTX_set_stateless_cookie_verify_cb
+SSL_CTX_set_stateless_cookie_verify_cb,
+SSL_CTX_set_cookie_generate_cb,
+SSL_CTX_set_cookie_verify_cb
 - Callback functions for stateless TLS1.3 cookies
 
 =head1 SYNOPSIS
@@ -21,22 +23,51 @@ SSL_CTX_set_stateless_cookie_verify_cb
                                         const unsigned char *cookie,
                                         size_t cookie_len));
 
+ void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                     int (*app_gen_cookie_cb) (SSL *ssl,
+                                                               unsigned char
+                                                               *cookie,
+                                                               unsigned int
+                                                               *cookie_len));
+ void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                   int (*app_verify_cookie_cb) (SSL *ssl,
+                                                                const unsigned
+                                                                char *cookie,
+                                                                unsigned int
+                                                                cookie_len));
+
 =head1 DESCRIPTION
 
-SSL_CTX_set_cookie_generate_cb() sets the callback used by L<SSL_stateless(3)>
-to generate the application-controlled portion of the cookie provided to clients
-in the HelloRetryRequest transmitted as a response to a ClientHello with a
-missing or invalid cookie. gen_stateless_cookie_cb() must write at most
-SSL_COOKIE_LENGTH bytes into B<cookie>, and must write the number of bytes
-written to B<cookie_len>. If a cookie cannot be generated, a zero return value
-can be used to abort the handshake.
-
-SSL_CTX_set_cookie_verify_cb() sets the callback used by L<SSL_stateless(3)> to
-determine whether the application-controlled portion of a ClientHello cookie is
-valid. A nonzero return value from app_verify_cookie_cb() communicates that the
-cookie is valid. The integrity of the entire cookie, including the
-application-controlled portion, is automatically verified by HMAC before
-verify_stateless_cookie_cb() is called.
+SSL_CTX_set_stateless_cookie_generate_cb() sets the callback used by
+L<SSL_stateless(3)> to generate the application-controlled portion of the cookie
+provided to clients in the HelloRetryRequest transmitted as a response to a
+ClientHello with a missing or invalid cookie. gen_stateless_cookie_cb() must
+write at most SSL_COOKIE_LENGTH bytes into B<cookie>, and must write the number
+of bytes written to B<cookie_len>. If a cookie cannot be generated, a zero
+return value can be used to abort the handshake.
+
+SSL_CTX_set_stateless_cookie_verify_cb() sets the callback used by
+L<SSL_stateless(3)> to determine whether the application-controlled portion of a
+ClientHello cookie is valid. The cookie data is pointed to by B<cookie> and is of
+length B<cookie_len>. A nonzero return value from verify_stateless_cookie_cb()
+communicates that the cookie is valid. The integrity of the entire cookie,
+including the application-controlled portion, is automatically verified by HMAC
+before verify_stateless_cookie_cb() is called.
+
+SSL_CTX_set_cookie_generate_cb() sets the callback used by L<DTLSv1_listen(3)>
+to generate the cookie provided to clients in the HelloVerifyRequest transmitted
+as a response to a ClientHello with a missing or invalid cookie.
+app_gen_cookie_cb()  must write at most DTLS1_COOKIE_LENGTH bytes into
+B<cookie>, and must write the number of bytes written to B<cookie_len>. If a
+cookie cannot be generated, a zero return value can be used to abort the
+handshake.
+
+SSL_CTX_set_cookie_verify_cb() sets the callback used by L<DTLSv1_listen(3)> to
+determine whether the cookie in a ClientHello is valid. The cookie data is
+pointed to by B<cookie> and is of length B<cookie_len>. A nonzero return value
+from app_verify_cookie_cb() communicates that the cookie is valid. The
+integrity of the cookie is not verified by OpenSSL. This is an application
+responsibility.
 
 =head1 RETURN VALUES
 
@@ -44,7 +75,13 @@ Neither function returns a value.
 
 =head1 SEE ALSO
 
-L<SSL_stateless(3)>
+L<SSL_stateless(3)>,
+L<DTLSv1_listen(3)>
+
+=head1 HISTORY
+
+SSL_CTX_set_stateless_cookie_generate_cb() and
+SSL_CTX_set_stateless_cookie_verify_cb() were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
index b1fb5ab7d9fa5..e971035734e17 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_tlsext_servername_callback.pod
@@ -11,7 +11,7 @@ SSL_set_tlsext_host_name - handle server name indication (SNI)
  #include <openssl/ssl.h>
 
  long SSL_CTX_set_tlsext_servername_callback(SSL_CTX *ctx,
-                                   int (*cb)(SSL *, int *, void *));
+                                   int (*cb)(SSL *s, int *al, void *arg));
  long SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg);
 
  const char *SSL_get_servername(const SSL *s, const int type);
@@ -21,21 +21,106 @@ SSL_set_tlsext_host_name - handle server name indication (SNI)
 
 =head1 DESCRIPTION
 
-The functionality provided by the servername callback is superseded by the
-ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb().
-The servername callback is retained for historical compatibility.
+The functionality provided by the servername callback is mostly superseded by
+the ClientHello callback, which can be set using SSL_CTX_set_client_hello_cb().
+However, even where the ClientHello callback is used, the servername callback is
+still necessary in order to acknowledge the servername requested by the client.
 
 SSL_CTX_set_tlsext_servername_callback() sets the application callback B<cb>
 used by a server to perform any actions or configuration required based on
 the servername extension received in the incoming connection. When B<cb>
-is NULL, SNI is not used. The B<arg> value is a pointer which is passed to
-the application callback.
+is NULL, SNI is not used.
+
+The servername callback should return one of the following values:
+
+=over 4
+
+=item SSL_TLSEXT_ERR_OK
+
+This is used to indicate that the servername requested by the client has been
+accepted. Typically a server will call SSL_set_SSL_CTX() in the callback to set
+up a different configuration for the selected servername in this case.
+
+=item SSL_TLSEXT_ERR_ALERT_FATAL
+
+In this case the servername requested by the client is not accepted and the
+handshake will be aborted. The value of the alert to be used should be stored in
+the location pointed to by the B<al> parameter to the callback. By default this
+value is initialised to SSL_AD_UNRECOGNIZED_NAME.
+
+=item SSL_TLSEXT_ERR_ALERT_WARNING
+
+If this value is returned then the servername is not accepted by the server.
+However the handshake will continue and send a warning alert instead. The value
+of the alert should be stored in the location pointed to by the B<al> parameter
+as for SSL_TLSEXT_ERR_ALERT_FATAL above. Note that TLSv1.3 does not support
+warning alerts, so if TLSv1.3 has been negotiated then this return value is
+treated the same way as SSL_TLSEXT_ERR_NOACK.
+
+=item SSL_TLSEXT_ERR_NOACK
+
+This return value indicates that the servername is not accepted by the server.
+No alerts are sent and the server will not acknowledge the requested servername.
+
+=back
 
 SSL_CTX_set_tlsext_servername_arg() sets a context-specific argument to be
-passed into the callback for this B<SSL_CTX>.
+passed into the callback (via the B<arg> parameter) for this B<SSL_CTX>.
+
+The behaviour of SSL_get_servername() depends on a number of different factors.
+In particular note that in TLSv1.3 the servername is negotiated in every
+handshake. In TLSv1.2 the servername is only negotiated on initial handshakes
+and not on resumption handshakes.
+
+=over 4
+
+=item On the client, before the handshake
+
+If a servername has been set via a call to SSL_set_tlsext_host_name() then it
+will return that servername.
+
+If one has not been set, but a TLSv1.2 resumption is being attempted and the
+session from the original handshake had a servername accepted by the server then
+it will return that servername.
+
+Otherwise it returns NULL.
 
-SSL_get_servername() returns a servername extension value of the specified
-type if provided in the Client Hello or NULL.
+=item On the client, during or after the handshake and a TLSv1.2 (or below)
+resumption occurred
+
+If the session from the orignal handshake had a servername accepted by the
+server then it will return that servername.
+
+Otherwise it returns the servername set via SSL_set_tlsext_host_name() or NULL
+if it was not called.
+
+=item On the client, during or after the handshake and a TLSv1.2 (or below)
+resumption did not occur
+
+It will return the servername set via SSL_set_tlsext_host_name() or NULL if it
+was not called.
+
+=item On the server, before the handshake
+
+The function will always return NULL before the handshake
+
+=item On the server, after the servername extension has been processed and a
+TLSv1.2 (or below) resumption occurred
+
+If a servername was accepted by the server in the original handshake then it
+will return that servername, or NULL otherwise.
+
+=item On the server, after the servername extension has been processed and a
+TLSv1.2 (or below) resumption did not occur
+
+The function will return the servername requested by the client in this
+handshake or NULL if none was requested.
+
+=back
+
+Note that the ClientHello callback occurs before a servername extension from the
+client is processed. The servername, certificate and ALPN callbacks occur after
+a servername extension from the client is processed.
 
 SSL_get_servername_type() returns the servername type or -1 if no servername
 is present. Currently the only supported type (defined in RFC3546) is
@@ -65,9 +150,26 @@ SSL_set_tlsext_host_name() returns 1 on success, 0 in case of error.
 L<ssl(7)>, L<SSL_CTX_set_alpn_select_cb(3)>,
 L<SSL_get0_alpn_selected(3)>, L<SSL_CTX_set_client_hello_cb(3)>
 
+=head1 HISTORY
+
+SSL_get_servername() historically provided some unexpected results in certain
+corner cases. This has been fixed from OpenSSL 1.1.1e.
+
+Prior to 1.1.1e, when the client requested a servername in an initial TLSv1.2
+handshake, the server accepted it, and then the client successfully resumed but
+set a different explict servername in the second handshake then when called by
+the client it returned the servername from the second handshake. This has now
+been changed to return the servername requested in the original handshake.
+
+Also prior to 1.1.1e, if the client sent a servername in the first handshake but
+the server did not accept it, and then a second handshake occured where TLSv1.2
+resumption was successful then when called by the server it returned the
+servername requested in the original handshake. This has now been changed to
+NULL.
+
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod
index c8f7526610a8a..0957ade5e106d 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_use_psk_identity_hint.pod
@@ -39,9 +39,9 @@ SSL_set_psk_find_session_callback
 
 =head1 DESCRIPTION
 
-A client application wishing to use TLSv1.3 PSKs should set a callback
-using either SSL_CTX_set_psk_use_session_callback() or
-SSL_set_psk_use_session_callback() as appropriate.
+A server application wishing to use TLSv1.3 PSKs should set a callback
+using either SSL_CTX_set_psk_find_session_callback() or
+SSL_set_psk_find_session_callback() as appropriate.
 
 The callback function is given a pointer to the SSL connection in B<ssl> and
 an identity in B<identity> of length B<identity_len>. The callback function
diff --git a/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod b/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
index 475f700a88c5c..6e39cbc656dda 100644
--- a/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
+++ b/crypto/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
@@ -24,7 +24,10 @@ SSL_SESSION_set1_alpn_selected
 =head1 DESCRIPTION
 
 SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-client when the session was created, or NULL if no value was sent.
+client when the session was created if it was accepted by the server and TLSv1.2
+or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the
+SNI hostname is negotiated with each handshake including resumption handshakes
+and is therefore never associated with the session.
 
 The value returned is a pointer to memory maintained within B<s> and
 should not be free'd.
@@ -64,7 +67,7 @@ SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_accept.pod b/crypto/openssl/doc/man3/SSL_accept.pod
index 335655f0c8c8c..b1595f7acf347 100644
--- a/crypto/openssl/doc/man3/SSL_accept.pod
+++ b/crypto/openssl/doc/man3/SSL_accept.pod
@@ -56,7 +56,7 @@ established.
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
-not clean. It can also occur of action is need to continue the operation
+not clean. It can also occur if action is needed to continue the operation
 for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
 to find out the reason.
 
@@ -72,7 +72,7 @@ L<SSL_CTX_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_connect.pod b/crypto/openssl/doc/man3/SSL_connect.pod
index 426b8ad757dbd..f7d9e57db6224 100644
--- a/crypto/openssl/doc/man3/SSL_connect.pod
+++ b/crypto/openssl/doc/man3/SSL_connect.pod
@@ -71,7 +71,7 @@ established.
 
 The TLS/SSL handshake was not successful, because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
-not clean. It can also occur of action is need to continue the operation
+not clean. It can also occur if action is needed to continue the operation
 for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
 to find out the reason.
 
@@ -87,7 +87,7 @@ L<SSL_CTX_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_do_handshake.pod b/crypto/openssl/doc/man3/SSL_do_handshake.pod
index a1b973f7b80a3..8852f9d3e3dce 100644
--- a/crypto/openssl/doc/man3/SSL_do_handshake.pod
+++ b/crypto/openssl/doc/man3/SSL_do_handshake.pod
@@ -57,7 +57,7 @@ established.
 
 The TLS/SSL handshake was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. The shutdown was
-not clean. It can also occur of action is need to continue the operation
+not clean. It can also occur if action is needed to continue the operation
 for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
 to find out the reason.
 
@@ -71,7 +71,7 @@ L<SSL_set_connect_state(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod b/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod
index a6cfb308d30c2..f354ef4177dc6 100644
--- a/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod
+++ b/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod
@@ -2,7 +2,10 @@
 
 =head1 NAME
 
-SSL_load_client_CA_file - load certificate names from file
+SSL_load_client_CA_file,
+SSL_add_file_cert_subjects_to_stack,
+SSL_add_dir_cert_subjects_to_stack
+- load certificate names
 
 =head1 SYNOPSIS
 
@@ -10,11 +13,23 @@ SSL_load_client_CA_file - load certificate names from file
 
  STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 
+ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                         const char *file)
+ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *dir)
+
 =head1 DESCRIPTION
 
-SSL_load_client_CA_file() reads certificates from B<file> and returns
+SSL_load_client_CA_file() reads certificates from I<file> and returns
 a STACK_OF(X509_NAME) with the subject names found.
 
+SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
+and adds their subject name to the already existing I<stack>.
+
+SSL_add_dir_cert_subjects_to_stack() reads certificates from every
+file in the directory I<dir>, and adds their subject name to the
+already existing I<stack>.
+
 =head1 NOTES
 
 SSL_load_client_CA_file() reads a file of PEM formatted certificates and
diff --git a/crypto/openssl/doc/man3/X509_LOOKUP.pod b/crypto/openssl/doc/man3/X509_LOOKUP.pod
new file mode 100644
index 0000000000000..3e0bb6ab221c5
--- /dev/null
+++ b/crypto/openssl/doc/man3/X509_LOOKUP.pod
@@ -0,0 +1,212 @@
+=pod
+
+=head1 NAME
+
+X509_LOOKUP, X509_LOOKUP_TYPE,
+X509_LOOKUP_new, X509_LOOKUP_free, X509_LOOKUP_init,
+X509_LOOKUP_shutdown,
+X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
+X509_LOOKUP_ctrl,
+X509_LOOKUP_load_file, X509_LOOKUP_add_dir,
+X509_LOOKUP_get_store, X509_LOOKUP_by_subject,
+X509_LOOKUP_by_issuer_serial, X509_LOOKUP_by_fingerprint,
+X509_LOOKUP_by_alias
+- OpenSSL certificate lookup mechanisms
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_vfy.h>
+
+ typedef x509_lookup_st X509_LOOKUP;
+
+ typedef enum X509_LOOKUP_TYPE;
+
+ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+ int X509_LOOKUP_init(X509_LOOKUP *ctx);
+ int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+ void X509_LOOKUP_free(X509_LOOKUP *ctx);
+
+ int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+ void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+
+ int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                      long argl, char **ret);
+ int X509_LOOKUP_load_file(X509_LOOKUP *ctx, char *name, long type);
+ int X509_LOOKUP_add_dir(X509_LOOKUP *ctx, char *name, long type);
+
+ X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+
+ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                            X509_NAME *name, X509_OBJECT *ret);
+ int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, ASN1_INTEGER *serial,
+                                  X509_OBJECT *ret);
+ int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                const unsigned char *bytes, int len,
+                                X509_OBJECT *ret);
+ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                          const char *str, int len, X509_OBJECT *ret);
+
+=head1 DESCRIPTION
+
+The B<X509_LOOKUP> structure holds the information needed to look up
+certificates and CRLs according to an associated L<X509_LOOKUP_METHOD(3)>.
+Multiple B<X509_LOOKUP> instances can be added to an L<X509_STORE(3)>
+to enable lookup in that store.
+
+X509_LOOKUP_new() creates a new B<X509_LOOKUP> using the given lookup
+I<method>.
+It can also be created by calling L<X509_STORE_add_lookup(3)>, which
+will associate an B<X509_STORE> with the lookup mechanism.
+
+X509_LOOKUP_init() initializes the internal state and resources as
+needed by the given B<X509_LOOKUP> to do its work.
+
+X509_LOOKUP_shutdown() tears down the internal state and resources of
+the given B<X509_LOOKUP>.
+
+X509_LOOKUP_free() destructs the given B<X509_LOOKUP>.
+
+X509_LOOKUP_set_method_data() associates a pointer to application data
+to the given B<X509_LOOKUP>.
+
+X509_LOOKUP_get_method_data() retrieves a pointer to application data
+from the given B<X509_LOOKUP>.
+
+X509_LOOKUP_ctrl() is used to set or get additional data to or from an
+B<X509_LOOKUP> structure or its associated L<X509_LOOKUP_METHOD(3)>.
+The arguments of the control command are passed via I<argc> and I<argl>,
+its return value via I<*ret>.
+The meaning of the arguments depends on the I<cmd> number of the
+control command. In general, this function is not called directly, but
+wrapped by a macro call, see below.
+The control I<cmd>s known to OpenSSL are discussed in more depth
+in L</Control Commands>.
+
+X509_LOOKUP_load_file() passes a filename to be loaded immediately
+into the associated B<X509_STORE>.
+I<type> indicates what type of object is expected.
+This can only be used with a lookup using the implementation
+L<X509_LOOKUP_file(3)>.
+
+X509_LOOKUP_add_dir() passes a directory specification from which
+certificates and CRLs are loaded on demand into the associated
+B<X509_STORE>.
+I<type> indicates what type of object is expected.
+This can only be used with a lookup using the implementation
+L<X509_LOOKUP_hash_dir(3)>.
+
+X509_LOOKUP_load_file(), X509_LOOKUP_add_dir(),
+X509_LOOKUP_add_store(), and X509_LOOKUP_load_store() are implemented
+as macros that use X509_LOOKUP_ctrl().
+
+X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(),
+X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() look up
+certificates and CRLs in the L<X509_STORE(3)> associated with the
+B<X509_LOOKUP> using different criteria, where the looked up object is
+stored in I<ret>.
+Some of the underlying B<X509_LOOKUP_METHOD>s will also cache objects
+matching the criteria in the associated B<X509_STORE>, which makes it
+possible to handle cases where the criteria have more than one hit.
+
+=head2 File Types
+
+X509_LOOKUP_load_file() and X509_LOOKUP_add_dir() take a I<type>,
+which can be one of the following:
+
+=over 4
+
+=item B<X509_FILETYPE_PEM>
+
+The file or files that are loaded are expected to be in PEM format.
+
+=item B<X509_FILETYPE_ASN1>
+
+The file or files that are loaded are expected to be in raw DER format.
+
+=item B<X509_FILETYPE_DEFAULT>
+
+The default certificate file or directory is used.  In this case,
+I<name> is ignored.
+
+=begin comment
+
+TODO
+Document X509_get_default_cert_file_env(3),
+X509_get_default_cert_file(3), X509_get_default_cert_dir_env(3) and
+X509_get_default_cert_dir(3) and link to them here.
+
+=end comment
+
+=back
+
+=head2 Control Commands
+
+The B<X509_LOOKUP_METHOD>s built into OpenSSL recognise the following
+X509_LOOKUP_ctrl() I<cmd>s:
+
+=over 4
+
+=item B<X509_L_FILE_LOAD>
+
+This is the command that X509_LOOKUP_load_file() uses.
+The filename is passed in I<argc>, and the type in I<argl>.
+
+=item B<X509_L_ADD_DIR>
+
+This is the command that X509_LOOKUP_add_dir() uses.
+The directory specification is passed in I<argc>, and the type in
+I<argl>.
+
+=item B<X509_L_ADD_STORE>
+
+This is the command that X509_LOOKUP_add_store() uses.
+The URI is passed in I<argc>.
+
+=item B<X509_L_LOAD_STORE>
+
+This is the command that X509_LOOKUP_load_store() uses.
+The URI is passed in I<argc>.
+
+=back
+
+=head1 RETURN VALUES
+
+X509_LOOKUP_new() returns an B<X509_LOOKUP> pointer when successful,
+or NULL on error.
+
+X509_LOOKUP_init() and X509_LOOKUP_shutdown() return 1 on success, or
+0 on error.
+
+X509_LOOKUP_ctrl() returns -1 if the B<X509_LOOKUP> doesn't have an
+associated B<X509_LOOKUP_METHOD>, or 1 if the X<509_LOOKUP_METHOD>
+doesn't have a control function.
+Otherwise, it returns what the control function in the
+B<X509_LOOKUP_METHOD> returns, which is usually 1 on success and 0 in
+error.
+
+X509_LOOKUP_get_store() returns an B<X509_STORE> pointer if there is
+one, otherwise NULL.
+
+X509_LOOKUP_by_subject(), X509_LOOKUP_by_issuer_serial(),
+X509_LOOKUP_by_fingerprint(), and X509_LOOKUP_by_alias() all return 0
+if there is no B<X509_LOOKUP_METHOD> or that method doesn't implement
+the corresponding function.
+Otherwise, it returns what the corresponding function in the
+B<X509_LOOKUP_METHOD> returns, which is usually 1 on success and 0 in
+error.
+
+=head1 SEE ALSO
+
+L<X509_LOOKUP_METHOD(3)>, L<X509_STORE(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod b/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod
index e5f0a098b3fa4..a4e7466395dd0 100644
--- a/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod
+++ b/crypto/openssl/doc/man3/X509_LOOKUP_meth_new.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+X509_LOOKUP_METHOD,
 X509_LOOKUP_meth_new, X509_LOOKUP_meth_free, X509_LOOKUP_meth_set_new_item,
 X509_LOOKUP_meth_get_new_item, X509_LOOKUP_meth_set_free,
 X509_LOOKUP_meth_get_free, X509_LOOKUP_meth_set_init,
@@ -16,14 +17,15 @@ X509_LOOKUP_get_by_fingerprint_fn, X509_LOOKUP_meth_set_get_by_fingerprint,
 X509_LOOKUP_meth_get_get_by_fingerprint,
 X509_LOOKUP_get_by_alias_fn, X509_LOOKUP_meth_set_get_by_alias,
 X509_LOOKUP_meth_get_get_by_alias,
-X509_LOOKUP_set_method_data, X509_LOOKUP_get_method_data,
-X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
+X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
 - Routines to build up X509_LOOKUP methods
 
 =head1 SYNOPSIS
 
  #include <openssl/x509_vfy.h>
 
+ typedef x509_lookup_method_st X509_LOOKUP_METHOD;
+
  X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
  void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
 
@@ -92,11 +94,6 @@ X509_LOOKUP_get_store, X509_OBJECT_set1_X509, X509_OBJECT_set1_X509_CRL
  X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
      const X509_LOOKUP_METHOD *method);
 
- int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
- void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
-
- X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
-
  int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
  int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
 
@@ -118,7 +115,7 @@ X509_LOOKUP_get_new_item() and X509_LOOKUP_set_new_item() get and set the
 function that is called when an B<X509_LOOKUP> object is created with
 X509_LOOKUP_new(). If an X509_LOOKUP_METHOD requires any per-X509_LOOKUP
 specific data, the supplied new_item function should allocate this data and
-invoke X509_LOOKUP_set_method_data().
+invoke L<X509_LOOKUP_set_method_data(3)>.
 
 X509_LOOKUP_get_free() and X509_LOOKUP_set_free() get and set the function
 that is used to free any method data that was allocated and set from within
@@ -126,7 +123,7 @@ new_item function.
 
 X509_LOOKUP_meth_get_init() and X509_LOOKUP_meth_set_init() get and set the
 function that is used to initialize the method data that was set with
-X509_LOOKUP_set_method_data() as part of the new_item routine.
+L<X509_LOOKUP_set_method_data(3)> as part of the new_item routine.
 
 X509_LOOKUP_meth_get_shutdown() and X509_LOOKUP_meth_set_shutdown() get and set
 the function that is used to shut down the method data whose state was
@@ -164,9 +161,9 @@ increments the result's reference count.
 
 Any method data that was created as a result of the new_item function
 set by X509_LOOKUP_meth_set_new_item() can be accessed with
-X509_LOOKUP_get_method_data(). The B<X509_STORE> object that owns the
-X509_LOOKUP may be accessed with X509_LOOKUP_get_store(). Successful lookups
-should return 1, and unsuccessful lookups should return 0.
+L<X509_LOOKUP_get_method_data(3)>. The B<X509_STORE> object that owns the
+X509_LOOKUP may be accessed with L<X509_LOOKUP_get_store(3)>. Successful
+lookups should return 1, and unsuccessful lookups should return 0.
 
 X509_LOOKUP_get_get_by_subject(), X509_LOOKUP_get_get_by_issuer_serial(),
 X509_LOOKUP_get_get_by_fingerprint(), X509_LOOKUP_get_get_by_alias() retrieve
@@ -189,7 +186,7 @@ The functions described here were added in OpenSSL 1.1.0i.
 
 =head1 COPYRIGHT
 
-Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod b/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod
index 472db508bc4e2..c5042858be853 100644
--- a/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod
+++ b/crypto/openssl/doc/man3/X509_STORE_CTX_new.pod
@@ -28,7 +28,7 @@ X509_STORE_CTX_verify_fn
  void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 
  void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
- STACK_OF(X509) *X509_STORE_CTX_get0_chain(X609_STORE_CTX *ctx);
+ STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
  void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
  void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
 
diff --git a/crypto/openssl/doc/man3/X509_STORE_add_cert.pod b/crypto/openssl/doc/man3/X509_STORE_add_cert.pod
index 3ea5b8b1272f2..d840bd6d69bf9 100644
--- a/crypto/openssl/doc/man3/X509_STORE_add_cert.pod
+++ b/crypto/openssl/doc/man3/X509_STORE_add_cert.pod
@@ -2,8 +2,10 @@
 
 =head1 NAME
 
+X509_STORE,
 X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_set_depth,
 X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust,
+X509_STORE_add_lookup,
 X509_STORE_load_locations,
 X509_STORE_set_default_paths
 - X509_STORE manipulation
@@ -12,6 +14,8 @@ X509_STORE_set_default_paths
 
  #include <openssl/x509_vfy.h>
 
+ typedef x509_store_st X509_STORE;
+
  int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
  int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
  int X509_STORE_set_depth(X509_STORE *store, int depth);
@@ -19,6 +23,9 @@ X509_STORE_set_default_paths
  int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
  int X509_STORE_set_trust(X509_STORE *ctx, int trust);
 
+ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *store,
+                                    X509_LOOKUP_METHOD *meth);
+
  int X509_STORE_load_locations(X509_STORE *ctx,
                                const char *file, const char *dir);
  int X509_STORE_set_default_paths(X509_STORE *ctx);
@@ -65,6 +72,11 @@ for the corresponding values used in certificate chain validation.  Their
 behavior is documented in the corresponding B<X509_VERIFY_PARAM> manual
 pages, e.g., L<X509_VERIFY_PARAM_set_depth(3)>.
 
+X509_STORE_add_lookup() finds or creates a L<X509_LOOKUP(3)> with the
+L<X509_LOOKUP_METHOD(3)> I<meth> and adds it to the B<X509_STORE>
+I<store>.  This also associates the B<X509_STORE> with the lookup, so
+B<X509_LOOKUP> functions can look up objects in that store.
+
 X509_STORE_load_locations() loads trusted certificate(s) into an
 B<X509_STORE> from a given file and/or directory path.  It is permitted
 to specify just a file, just a directory, or both paths.  The certificates
@@ -83,6 +95,9 @@ X509_STORE_set_flags(), X509_STORE_set_purpose(),
 X509_STORE_set_trust(), X509_STORE_load_locations(), and
 X509_STORE_set_default_paths() return 1 on success or 0 on failure.
 
+X509_STORE_add_lookup() returns the found or created
+L<X509_LOOKUP(3)>, or NULL on error.
+
 =head1 SEE ALSO
 
 L<X509_LOOKUP_hash_dir(3)>.
@@ -92,7 +107,7 @@ L<X509_STORE_get0_param(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man3/d2i_X509.pod b/crypto/openssl/doc/man3/d2i_X509.pod
index e36270f739400..a8319bd4715b6 100644
--- a/crypto/openssl/doc/man3/d2i_X509.pod
+++ b/crypto/openssl/doc/man3/d2i_X509.pod
@@ -307,7 +307,6 @@ i2d_POLICYQUALINFO,
 i2d_PROFESSION_INFO,
 i2d_PROXY_CERT_INFO_EXTENSION,
 i2d_PROXY_POLICY,
-i2d_PublicKey,
 i2d_RSAPrivateKey,
 i2d_RSAPrivateKey_bio,
 i2d_RSAPrivateKey_fp,
@@ -461,7 +460,7 @@ Represents an ASN1 OBJECT IDENTIFIER.
 
 Represents a PKCS#3 DH parameters structure.
 
-=item B<DHparamx>
+=item B<DHxparams>
 
 Represents an ANSI X9.42 DH parameters structure.
 
@@ -611,7 +610,7 @@ efficiency reasons.
 
 =head1 COPYRIGHT
 
-Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man5/config.pod b/crypto/openssl/doc/man5/config.pod
index 992fdfccf9171..7b50b099198cd 100644
--- a/crypto/openssl/doc/man5/config.pod
+++ b/crypto/openssl/doc/man5/config.pod
@@ -355,6 +355,22 @@ Simple OpenSSL library configuration example to enter FIPS mode:
 Note: in the above example you will get an error in non FIPS capable versions
 of OpenSSL.
 
+Simple OpenSSL library configuration to make TLS 1.3 the system-default
+minimum TLS version:
+
+ # Toplevel section for openssl (including libssl)
+ openssl_conf = default_conf_section
+
+ [default_conf_section]
+ # We only specify configuration for the "ssl module"
+ ssl_conf = ssl_section
+
+ [ssl_section]
+ system_default = system_default_section
+
+ [system_default_section]
+ MinProtocol = TLSv1.3
+
 More complex OpenSSL library configuration. Add OID and don't enter FIPS mode:
 
  # Default appname: should match "appname" parameter (if any)
@@ -426,7 +442,7 @@ L<x509(1)>, L<req(1)>, L<ca(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man7/Ed25519.pod b/crypto/openssl/doc/man7/Ed25519.pod
index 6442e0ea43785..8ab4fff764930 100644
--- a/crypto/openssl/doc/man7/Ed25519.pod
+++ b/crypto/openssl/doc/man7/Ed25519.pod
@@ -11,7 +11,7 @@ Ed448
 The B<Ed25519> and B<Ed448> EVP_PKEY implementation supports key generation,
 one-shot digest sign and digest verify using PureEdDSA and B<Ed25519> or B<Ed448>
 (see RFC8032). It has associated private and public key formats compatible with
-draft-ietf-curdle-pkix-04.
+RFC 8410.
 
 No additional parameters can be set during key generation, one-shot signing or
 verification. In particular, because PureEdDSA is used, a digest must B<NOT> be
@@ -77,7 +77,7 @@ L<EVP_DigestVerifyInit(3)>,
 
 =head1 COPYRIGHT
 
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man7/X25519.pod b/crypto/openssl/doc/man7/X25519.pod
index 4851f8a1d9dcb..6f153cb4b983b 100644
--- a/crypto/openssl/doc/man7/X25519.pod
+++ b/crypto/openssl/doc/man7/X25519.pod
@@ -10,7 +10,7 @@ X448
 
 The B<X25519> and B<X448> EVP_PKEY implementation supports key generation and
 key derivation using B<X25519> and B<X448>. It has associated private and public
-key formats compatible with draft-ietf-curdle-pkix-03.
+key formats compatible with RFC 8410.
 
 No additional parameters can be set during key generation.
 
@@ -64,7 +64,7 @@ L<EVP_PKEY_derive_set_peer(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man7/passphrase-encoding.pod b/crypto/openssl/doc/man7/passphrase-encoding.pod
index 68108445269b7..19dcef9acc365 100644
--- a/crypto/openssl/doc/man7/passphrase-encoding.pod
+++ b/crypto/openssl/doc/man7/passphrase-encoding.pod
@@ -65,7 +65,7 @@ A pass phrase encoded in ISO-8859-2 could very well have a sequence such as
 0xC3 0xAF (which is the two characters "LATIN CAPITAL LETTER A WITH BREVE"
 and "LATIN CAPITAL LETTER Z WITH DOT ABOVE" in ISO-8859-2 encoding), but would
 be misinterpreted as the perfectly valid UTF-8 encoded code point U+00EF (LATIN
-SMALL LETTER I WITH DIARESIS) I<if the pass phrase doesn't contain anything that
+SMALL LETTER I WITH DIAERESIS) I<if the pass phrase doesn't contain anything that
 would be invalid UTF-8>.
 A pass phrase that contains this kind of byte sequence will give a different
 outcome in OpenSSL 1.1.0 and newer than in OpenSSL older than 1.1.0.
@@ -170,7 +170,7 @@ L<d2i_PKCS8PrivateKey_bio(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2020 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/doc/man7/proxy-certificates.pod b/crypto/openssl/doc/man7/proxy-certificates.pod
new file mode 100644
index 0000000000000..df5ee1b4b5188
--- /dev/null
+++ b/crypto/openssl/doc/man7/proxy-certificates.pod
@@ -0,0 +1,363 @@
+=pod
+
+=encoding UTF-8
+
+=head1 NAME
+
+proxy-certificates - Proxy certificates in OpenSSL
+
+=head1 DESCRIPTION
+
+Proxy certificates are defined in RFC 3820.  They are used to
+extend rights to some other entity (a computer process, typically, or
+sometimes to the user itself).  This allows the entity to perform
+operations on behalf of the owner of the EE (End Entity) certificate.
+
+The requirements for a valid proxy certificate are:
+
+=over 4
+
+=item *
+
+They are issued by an End Entity, either a normal EE certificate, or
+another proxy certificate.
+
+=item *
+
+They must not have the B<subjectAltName> or B<issuerAltName>
+extensions.
+
+=item *
+
+They must have the B<proxyCertInfo> extension.
+
+=item *
+
+They must have the subject of their issuer, with one B<commonName>
+added.
+
+=back
+
+=head2 Enabling proxy certificate verification
+
+OpenSSL expects applications that want to use proxy certificates to be
+specially aware of them, and make that explicit.  This is done by
+setting an X509 verification flag:
+
+    X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+
+or
+
+    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_ALLOW_PROXY_CERTS);
+
+See L</NOTES> for a discussion on this requirement.
+
+=head2 Creating proxy certificates
+
+Creating proxy certificates can be done using the L<openssl-x509(1)>
+command, with some extra extensions:
+
+    [ v3_proxy ]
+    # A proxy certificate MUST NEVER be a CA certificate.
+    basicConstraints=CA:FALSE
+
+    # Usual authority key ID
+    authorityKeyIdentifier=keyid,issuer:always
+
+    # The extension which marks this certificate as a proxy
+    proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
+
+It's also possible to specify the proxy extension in a separate section:
+
+    proxyCertInfo=critical,@proxy_ext
+
+    [ proxy_ext ]
+    language=id-ppl-anyLanguage
+    pathlen=0
+    policy=text:BC
+
+The policy value has a specific syntax, I<syntag>:I<string>, where the
+I<syntag> determines what will be done with the string.  The following
+I<syntag>s are recognised:
+
+=over 4
+
+=item B<text>
+
+indicates that the string is a byte sequence, without any encoding:
+
+    policy=text:räksmörgås
+
+=item B<hex>
+
+indicates the string is encoded hexadecimal encoded binary data, with
+colons between each byte (every second hex digit):
+
+    policy=hex:72:E4:6B:73:6D:F6:72:67:E5:73
+
+=item B<file>
+
+indicates that the text of the policy should be taken from a file.
+The string is then a filename.  This is useful for policies that are
+large (more than a few lines, e.g. XML documents).
+
+=back
+
+I<NOTE: The proxy policy value is what determines the rights granted
+to the process during the proxy certificate.  It's up to the
+application to interpret and combine these policies.>
+
+With a proxy extension, creating a proxy certificate is a matter of
+two commands:
+
+    openssl req -new -config proxy.cnf \
+        -out proxy.req -keyout proxy.key \
+        -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1"
+
+    openssl x509 -req -CAcreateserial -in proxy.req -out proxy.crt \
+        -CA user.crt -CAkey user.key -days 7 \
+        -extfile proxy.cnf -extensions v3_proxy1
+
+You can also create a proxy certificate using another proxy
+certificate as issuer (note: using a different configuration
+section for the proxy extensions):
+
+    openssl req -new -config proxy.cnf \
+        -out proxy2.req -keyout proxy2.key \
+        -subj "/DC=org/DC=openssl/DC=users/CN=proxy 1/CN=proxy 2"
+
+    openssl x509 -req -CAcreateserial -in proxy2.req -out proxy2.crt \
+        -CA proxy.crt -CAkey proxy.key -days 7 \
+        -extfile proxy.cnf -extensions v3_proxy2
+
+=head2 Using proxy certs in applications
+
+To interpret proxy policies, the application would normally start with
+some default rights (perhaps none at all), then compute the resulting
+rights by checking the rights against the chain of proxy certificates,
+user certificate and CA certificates.
+
+The complicated part is figuring out how to pass data between your
+application and the certificate validation procedure.
+
+The following ingredients are needed for such processing:
+
+=over 4
+
+=item *
+
+a callback function that will be called for every certificate being
+validated.  The callback is called several times for each certificate,
+so you must be careful to do the proxy policy interpretation at the
+right time.  You also need to fill in the defaults when the EE
+certificate is checked.
+
+=item *
+
+a data structure that is shared between your application code and the
+callback.
+
+=item *
+
+a wrapper function that sets it all up.
+
+=item *
+
+an ex_data index function that creates an index into the generic
+ex_data store that is attached to an X509 validation context.
+
+=back
+
+The following skeleton code can be used as a starting point:
+
+    #include <string.h>
+    #include <netdb.h>
+    #include <openssl/x509.h>
+    #include <openssl/x509v3.h>
+
+    #define total_rights 25
+
+    /*
+     * In this example, I will use a view of granted rights as a bit
+     * array, one bit for each possible right.
+     */
+    typedef struct your_rights {
+        unsigned char rights[(total_rights + 7) / 8];
+    } YOUR_RIGHTS;
+
+    /*
+     * The following procedure will create an index for the ex_data
+     * store in the X509 validation context the first time it's
+     * called.  Subsequent calls will return the same index.
+     */
+    static int get_proxy_auth_ex_data_idx(X509_STORE_CTX *ctx)
+    {
+        static volatile int idx = -1;
+
+        if (idx < 0) {
+            X509_STORE_lock(X509_STORE_CTX_get0_store(ctx));
+            if (idx < 0) {
+                idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                      "for verify callback",
+                                                      NULL,NULL,NULL);
+            }
+            X509_STORE_unlock(X509_STORE_CTX_get0_store(ctx));
+        }
+        return idx;
+    }
+
+    /* Callback to be given to the X509 validation procedure.  */
+    static int verify_callback(int ok, X509_STORE_CTX *ctx)
+    {
+        if (ok == 1) {
+            /*
+             * It's REALLY important you keep the proxy policy check
+             * within this section.  It's important to know that when
+             * ok is 1, the certificates are checked from top to
+             * bottom.  You get the CA root first, followed by the
+             * possible chain of intermediate CAs, followed by the EE
+             * certificate, followed by the possible proxy
+             * certificates. 
+             */
+            X509 *xs = X509_STORE_CTX_get_current_cert(ctx);
+
+            if (X509_get_extension_flags(xs) & EXFLAG_PROXY) {
+                YOUR_RIGHTS *rights =
+                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                        get_proxy_auth_ex_data_idx(ctx));
+                PROXY_CERT_INFO_EXTENSION *pci =
+                    X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL);
+
+                switch (OBJ_obj2nid(pci->proxyPolicy->policyLanguage)) {
+                case NID_Independent:
+                    /*
+                     * Do whatever you need to grant explicit rights
+                     * to this particular proxy certificate, usually
+                     * by pulling them from some database.  If there
+                     * are none to be found, clear all rights (making
+                     * this and any subsequent proxy certificate void
+                     * of any rights). 
+                     */
+                    memset(rights->rights, 0, sizeof(rights->rights));
+                    break;
+                case NID_id_ppl_inheritAll:
+                    /*
+                     * This is basically a NOP, we simply let the
+                     * current rights stand as they are.
+                     */
+                    break;
+                default:
+                    /*
+                     * This is usually the most complex section of
+                     * code.  You really do whatever you want as long
+                     * as you follow RFC 3820.  In the example we use
+                     * here, the simplest thing to do is to build
+                     * another, temporary bit array and fill it with
+                     * the rights granted by the current proxy
+                     * certificate, then use it as a mask on the
+                     * accumulated rights bit array, and voilà, you
+                     * now have a new accumulated rights bit array.
+                     */
+                    {
+                        int i;
+                        YOUR_RIGHTS tmp_rights;
+                        memset(tmp_rights.rights, 0,
+                               sizeof(tmp_rights.rights));
+
+                        /*
+                         * process_rights() is supposed to be a
+                         * procedure that takes a string and its
+                         * length, interprets it and sets the bits
+                         * in the YOUR_RIGHTS pointed at by the
+                         * third argument.
+                         */
+                        process_rights((char *) pci->proxyPolicy->policy->data,
+                                       pci->proxyPolicy->policy->length,
+                                       &tmp_rights);
+
+                        for(i = 0; i < total_rights / 8; i++)
+                            rights->rights[i] &= tmp_rights.rights[i];
+                    }
+                    break;
+                }
+                PROXY_CERT_INFO_EXTENSION_free(pci);
+            } else if (!(X509_get_extension_flags(xs) & EXFLAG_CA)) {
+                /* We have an EE certificate, let's use it to set default! */
+                YOUR_RIGHTS *rights =
+                    (YOUR_RIGHTS *)X509_STORE_CTX_get_ex_data(ctx,
+                        get_proxy_auth_ex_data_idx(ctx));
+
+                /*
+                 * The following procedure finds out what rights the
+                 * owner of the current certificate has, and sets them
+                 * in the YOUR_RIGHTS structure pointed at by the
+                 * second argument.
+                 */
+                set_default_rights(xs, rights);
+            }
+        }
+        return ok;
+    }
+
+    static int my_X509_verify_cert(X509_STORE_CTX *ctx,
+                                   YOUR_RIGHTS *needed_rights)
+    {
+        int ok;
+        int (*save_verify_cb)(int ok,X509_STORE_CTX *ctx) =
+            X509_STORE_CTX_get_verify_cb(ctx);
+        YOUR_RIGHTS rights;
+
+        X509_STORE_CTX_set_verify_cb(ctx, verify_callback);
+        X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(ctx),
+                                   &rights);
+        X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS);
+        ok = X509_verify_cert(ctx);
+
+        if (ok == 1) {
+            ok = check_needed_rights(rights, needed_rights);
+        }
+
+        X509_STORE_CTX_set_verify_cb(ctx, save_verify_cb);
+
+        return ok;
+    }
+
+If you use SSL or TLS, you can easily set up a callback to have the
+certificates checked properly, using the code above:
+
+    SSL_CTX_set_cert_verify_callback(s_ctx, my_X509_verify_cert,
+                                     &needed_rights);
+
+=head1 NOTES
+
+To this date, it seems that proxy certificates have only been used in
+environments that are aware of them, and no one seems to have
+investigated how they can be used or misused outside of such an
+environment.
+
+For that reason, OpenSSL requires that applications aware of proxy
+certificates must also make that explicit.
+
+B<subjectAltName> and B<issuerAltName> are forbidden in proxy
+certificates, and this is enforced in OpenSSL.  The subject must be
+the same as the issuer, with one commonName added on.
+
+=head1 SEE ALSO
+
+L<X509_STORE_CTX_set_flags(3)>,
+L<X509_STORE_CTX_set_verify_cb(3)>,
+L<X509_VERIFY_PARAM_set_flags(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)>,
+L<openssl-req(1)>, L<openssl-x509(1)>,
+L<RFC 3820|https://tools.ietf.org/html/rfc3820>
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/crypto/openssl/e_os.h b/crypto/openssl/e_os.h
index 858bc40cb1fce..34223a0bcdb60 100644
--- a/crypto/openssl/e_os.h
+++ b/crypto/openssl/e_os.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_E_OS_H
-# define HEADER_E_OS_H
+#ifndef OSSL_E_OS_H
+# define OSSL_E_OS_H
 
 # include <limits.h>
 # include <openssl/opensslconf.h>
@@ -42,7 +42,7 @@
 #   endif
 /*
  * Some operating systems do not permit select(2) on their random devices,
- * defining this to zero will force the used of read(2) to extract one byte
+ * defining this to zero will force the use of read(2) to extract one byte
  * from /dev/random.
  */
 #   ifndef DEVRANDM_WAIT_USE_SELECT
diff --git a/crypto/openssl/engines/e_afalg.c b/crypto/openssl/engines/e_afalg.c
index 7f62d77e5bc17..4b1722846133f 100644
--- a/crypto/openssl/engines/e_afalg.c
+++ b/crypto/openssl/engines/e_afalg.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -456,7 +456,7 @@ static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
 
     /*
      * vmsplice and splice are used to pin the user space input buffer for
-     * kernel space processing avoiding copys from user to kernel space
+     * kernel space processing avoiding copies from user to kernel space
      */
     ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
     if (ret < 0) {
diff --git a/crypto/openssl/engines/e_afalg.h b/crypto/openssl/engines/e_afalg.h
index 2c03c448d684a..3323c898c6344 100644
--- a/crypto/openssl/engines/e_afalg.h
+++ b/crypto/openssl/engines/e_afalg.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_AFALG_H
-# define HEADER_AFALG_H
+#ifndef OSSL_ENGINES_E_AFALG_H
+# define OSSL_ENGINES_E_AFALG_H
 
 # if defined(__GNUC__) && __GNUC__ >= 4 && \
      (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
diff --git a/crypto/openssl/engines/e_afalg_err.h b/crypto/openssl/engines/e_afalg_err.h
index 3eb1332bbfe46..3036443f44706 100644
--- a/crypto/openssl/engines/e_afalg_err.h
+++ b/crypto/openssl/engines/e_afalg_err.h
@@ -8,8 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_AFALGERR_H
-# define HEADER_AFALGERR_H
+#ifndef OSSL_ENGINES_E_AFALG_ERR_H
+# define OSSL_ENGINES_E_AFALG_ERR_H
 
 # define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
 
diff --git a/crypto/openssl/engines/e_capi_err.h b/crypto/openssl/engines/e_capi_err.h
index e034c98cae842..e3a927aa73398 100644
--- a/crypto/openssl/engines/e_capi_err.h
+++ b/crypto/openssl/engines/e_capi_err.h
@@ -8,8 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_CAPIERR_H
-# define HEADER_CAPIERR_H
+#ifndef OSSL_ENGINES_E_CAPI_ERR_H
+# define OSSL_ENGINES_E_CAPI_ERR_H
 
 # define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
 
diff --git a/crypto/openssl/engines/e_dasync_err.h b/crypto/openssl/engines/e_dasync_err.h
index 7c2c0278790b5..5b74d8be25f1e 100644
--- a/crypto/openssl/engines/e_dasync_err.h
+++ b/crypto/openssl/engines/e_dasync_err.h
@@ -8,8 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_DASYNCERR_H
-# define HEADER_DASYNCERR_H
+#ifndef OSSL_ENGINES_E_DASYNC_ERR_H
+# define OSSL_ENGINES_E_DASYNC_ERR_H
 
 # define DASYNCerr(f, r) ERR_DASYNC_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
 
diff --git a/crypto/openssl/engines/e_ossltest_err.h b/crypto/openssl/engines/e_ossltest_err.h
index e745c1a236d4d..8e6535b76c08e 100644
--- a/crypto/openssl/engines/e_ossltest_err.h
+++ b/crypto/openssl/engines/e_ossltest_err.h
@@ -8,8 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_OSSLTESTERR_H
-# define HEADER_OSSLTESTERR_H
+#ifndef OSSL_ENGINES_E_OSSLTEST_ERR_H
+# define OSSL_ENGINES_E_OSSLTEST_ERR_H
 
 # define OSSLTESTerr(f, r) ERR_OSSLTEST_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
 
diff --git a/crypto/openssl/include/crypto/__DECC_INCLUDE_EPILOGUE.H b/crypto/openssl/include/crypto/__DECC_INCLUDE_EPILOGUE.H
new file mode 100644
index 0000000000000..c350018ad1906
--- /dev/null
+++ b/crypto/openssl/include/crypto/__DECC_INCLUDE_EPILOGUE.H
@@ -0,0 +1,16 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* restore state.  Must correspond to the save in __decc_include_prologue.h */
+#pragma names restore
diff --git a/crypto/openssl/include/crypto/__DECC_INCLUDE_PROLOGUE.H b/crypto/openssl/include/crypto/__DECC_INCLUDE_PROLOGUE.H
new file mode 100644
index 0000000000000..9a9c777f93f8a
--- /dev/null
+++ b/crypto/openssl/include/crypto/__DECC_INCLUDE_PROLOGUE.H
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is only used by HP C on VMS, and is included automatically
+ * after each header file from this directory
+ */
+
+/* save state */
+#pragma names save
+/* have the compiler shorten symbols larger than 31 chars to 23 chars
+ * followed by a 8 hex char CRC
+ */
+#pragma names as_is,shortened
diff --git a/crypto/openssl/include/crypto/aria.h b/crypto/openssl/include/crypto/aria.h
new file mode 100644
index 0000000000000..03a62950ae41e
--- /dev/null
+++ b/crypto/openssl/include/crypto/aria.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute.  All rights reserved. */
+
+#ifndef OSSL_CRYPTO_ARIA_H
+# define OSSL_CRYPTO_ARIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ARIA
+#  error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT     1
+# define ARIA_DECRYPT     0
+
+# define ARIA_BLOCK_SIZE    16  /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS      17  /* Number of keys needed in the worst case  */
+
+typedef union {
+    unsigned char c[ARIA_BLOCK_SIZE];
+    unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+    ARIA_u128 rd_key[ARIA_MAX_KEYS];
+    unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key);
+
+#endif
diff --git a/crypto/openssl/include/crypto/asn1.h b/crypto/openssl/include/crypto/asn1.h
new file mode 100644
index 0000000000000..9c9b4d897456a
--- /dev/null
+++ b/crypto/openssl/include/crypto/asn1.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+struct evp_pkey_asn1_method_st {
+    int pkey_id;
+    int pkey_base_id;
+    unsigned long pkey_flags;
+    char *pem_str;
+    char *info;
+    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+    int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+    int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                      ASN1_PCTX *pctx);
+    int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+    int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+    int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                       ASN1_PCTX *pctx);
+    int (*pkey_size) (const EVP_PKEY *pk);
+    int (*pkey_bits) (const EVP_PKEY *pk);
+    int (*pkey_security_bits) (const EVP_PKEY *pk);
+    int (*param_decode) (EVP_PKEY *pkey,
+                         const unsigned char **pder, int derlen);
+    int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    int (*param_missing) (const EVP_PKEY *pk);
+    int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+    int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                        ASN1_PCTX *pctx);
+    int (*sig_print) (BIO *out,
+                      const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                      int indent, ASN1_PCTX *pctx);
+    void (*pkey_free) (EVP_PKEY *pkey);
+    int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+    /* Legacy functions for old PEM */
+    int (*old_priv_decode) (EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen);
+    int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    /* Custom ASN1 signature verification */
+    int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                        X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+    int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                      X509_ALGOR *alg1, X509_ALGOR *alg2,
+                      ASN1_BIT_STRING *sig);
+    int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                       const ASN1_STRING *sig);
+    /* Check */
+    int (*pkey_check) (const EVP_PKEY *pk);
+    int (*pkey_public_check) (const EVP_PKEY *pk);
+    int (*pkey_param_check) (const EVP_PKEY *pk);
+    /* Get/set raw private/public key data */
+    int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+    int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+    int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+    int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+    unsigned long flags;
+    unsigned long nm_flags;
+    unsigned long cert_flags;
+    unsigned long oid_flags;
+    unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
diff --git a/crypto/openssl/include/crypto/async.h b/crypto/openssl/include/crypto/async.h
new file mode 100644
index 0000000000000..dc8e937b0ceda
--- /dev/null
+++ b/crypto/openssl/include/crypto/async.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+int async_init(void);
+void async_deinit(void);
+void async_delete_thread_state(void);
+
diff --git a/crypto/openssl/include/crypto/bn.h b/crypto/openssl/include/crypto/bn.h
new file mode 100644
index 0000000000000..60afda1dadee0
--- /dev/null
+++ b/crypto/openssl/include/crypto/bn.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_H
+# define OSSL_CRYPTO_BN_H
+
+# include <openssl/bn.h>
+# include <limits.h>
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs. Even
+ * though the goal is to facilitate constant-time-ness, not each subroutine
+ * is constant-time by itself. They all have pre-conditions, consult source
+ * code...
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                         BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                     const BIGNUM *d, BN_CTX *ctx);
+
+#endif
diff --git a/crypto/openssl/crypto/include/internal/bn_conf.h b/crypto/openssl/include/crypto/bn_conf.h
index 87d5cf3fdc48d..cf11513144a2a 100644
--- a/crypto/openssl/crypto/include/internal/bn_conf.h
+++ b/crypto/openssl/include/crypto/bn_conf.h
@@ -1,6 +1,6 @@
 /* $FreeBSD$ */
 /* WARNING: do not edit! */
-/* Generated by Makefile from crypto/include/internal/bn_conf.h.in */
+/* Generated by Makefile from include/crypto/bn_conf.h.in */
 /*
  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
  *
@@ -10,8 +10,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_BN_CONF_H
-# define HEADER_BN_CONF_H
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
 
 /*
  * The contents of this file are not used in the UEFI build, as
diff --git a/crypto/openssl/include/crypto/bn_conf.h.in b/crypto/openssl/include/crypto/bn_conf.h.in
new file mode 100644
index 0000000000000..b6b9eb743fd37
--- /dev/null
+++ b/crypto/openssl/include/crypto/bn_conf.h.in
@@ -0,0 +1,27 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+{- $config{b64l} ? "#define" : "#undef" -} SIXTY_FOUR_BIT_LONG
+{- $config{b64}  ? "#define" : "#undef" -} SIXTY_FOUR_BIT
+{- $config{b32}  ? "#define" : "#undef" -} THIRTY_TWO_BIT
+
+#endif
diff --git a/crypto/openssl/include/crypto/bn_dh.h b/crypto/openssl/include/crypto/bn_dh.h
new file mode 100644
index 0000000000000..70ebca28753c2
--- /dev/null
+++ b/crypto/openssl/include/crypto/bn_dh.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+    extern const BIGNUM _bignum_dh##x##_p;              \
+    extern const BIGNUM _bignum_dh##x##_g;              \
+    extern const BIGNUM _bignum_dh##x##_q;
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
+
+extern const BIGNUM _bignum_ffdhe2048_p;
+extern const BIGNUM _bignum_ffdhe3072_p;
+extern const BIGNUM _bignum_ffdhe4096_p;
+extern const BIGNUM _bignum_ffdhe6144_p;
+extern const BIGNUM _bignum_ffdhe8192_p;
+extern const BIGNUM _bignum_const_2;
diff --git a/crypto/openssl/include/crypto/bn_srp.h b/crypto/openssl/include/crypto/bn_srp.h
new file mode 100644
index 0000000000000..d4b282a6bbbe6
--- /dev/null
+++ b/crypto/openssl/include/crypto/bn_srp.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+
+extern const BIGNUM bn_group_1024;
+
+extern const BIGNUM bn_group_1536;
+
+extern const BIGNUM bn_group_2048;
+
+extern const BIGNUM bn_group_3072;
+
+extern const BIGNUM bn_group_4096;
+
+extern const BIGNUM bn_group_6144;
+
+extern const BIGNUM bn_group_8192;
+
+extern const BIGNUM bn_generator_19;
+
+extern const BIGNUM bn_generator_5;
+
+extern const BIGNUM bn_generator_2;
+
+#endif
diff --git a/crypto/openssl/include/crypto/chacha.h b/crypto/openssl/include/crypto/chacha.h
new file mode 100644
index 0000000000000..4029400a670cc
--- /dev/null
+++ b/crypto/openssl/include/crypto/chacha.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CHACHA_H
+#define OSSL_CRYPTO_CHACHA_H
+
+#include <stddef.h>
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4]);
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p)  ( \
+                ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
+                ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
+
+#define CHACHA_KEY_SIZE		32
+#define CHACHA_CTR_SIZE		16
+#define CHACHA_BLK_SIZE		64
+
+#endif
diff --git a/crypto/openssl/include/crypto/cryptlib.h b/crypto/openssl/include/crypto/cryptlib.h
new file mode 100644
index 0000000000000..38b5dac9a364c
--- /dev/null
+++ b/crypto/openssl/include/crypto/cryptlib.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+struct thread_local_inits_st {
+    int async;
+    int err_state;
+    int rand;
+};
+
+int ossl_init_thread_start(uint64_t opts);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_ZLIB                   0x00010000L
+# define OPENSSL_INIT_BASE_ONLY              0x00040000L
+
+/* OPENSSL_INIT_THREAD flags */
+# define OPENSSL_INIT_THREAD_ASYNC           0x01
+# define OPENSSL_INIT_THREAD_ERR_STATE       0x02
+# define OPENSSL_INIT_THREAD_RAND            0x04
+
+void ossl_malloc_setup_failures(void);
diff --git a/crypto/openssl/include/crypto/ctype.h b/crypto/openssl/include/crypto/ctype.h
new file mode 100644
index 0000000000000..81ef8f5cf7e10
--- /dev/null
+++ b/crypto/openssl/include/crypto/ctype.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this.  However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code.  Refer to issue #4154 for
+ * details.
+ */
+#ifndef OSSL_CRYPTO_CTYPE_H
+# define OSSL_CRYPTO_CTYPE_H
+
+# define CTYPE_MASK_lower       0x1
+# define CTYPE_MASK_upper       0x2
+# define CTYPE_MASK_digit       0x4
+# define CTYPE_MASK_space       0x8
+# define CTYPE_MASK_xdigit      0x10
+# define CTYPE_MASK_blank       0x20
+# define CTYPE_MASK_cntrl       0x40
+# define CTYPE_MASK_graph       0x80
+# define CTYPE_MASK_print       0x100
+# define CTYPE_MASK_punct       0x200
+# define CTYPE_MASK_base64      0x400
+# define CTYPE_MASK_asn1print   0x800
+
+# define CTYPE_MASK_alpha   (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum   (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii   (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+#  define ossl_toascii(c)       (c)
+#  define ossl_fromascii(c)     (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+int ascii_isdigit(const char inchar);
+
+# define ossl_isalnum(c)        (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c)        (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c)        (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c)        (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c)        (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c)        (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isdigit(c)        (ossl_ctype_check((c), CTYPE_MASK_digit))
+# define ossl_isgraph(c)        (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_islower(c)        (ossl_ctype_check((c), CTYPE_MASK_lower))
+# define ossl_isprint(c)        (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c)        (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c)        (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isupper(c)        (ossl_ctype_check((c), CTYPE_MASK_upper))
+# define ossl_isxdigit(c)       (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c)       (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c)    (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+
+#endif
diff --git a/crypto/openssl/crypto/include/internal/dso_conf.h b/crypto/openssl/include/crypto/dso_conf.h
index 61985cac8b109..85a9ef520dd5b 100644
--- a/crypto/openssl/crypto/include/internal/dso_conf.h
+++ b/crypto/openssl/include/crypto/dso_conf.h
@@ -1,6 +1,6 @@
 /* $FreeBSD$ */
 /* WARNING: do not edit! */
-/* Generated by Makefile from crypto/include/internal/dso_conf.h.in */
+/* Generated by Makefile from include/crypto/dso_conf.h.in */
 /*
  * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
@@ -10,8 +10,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_DSO_CONF_H
-# define HEADER_DSO_CONF_H
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
 # define DSO_DLFCN
 # define HAVE_DLFCN_H
 # define DSO_EXTENSION ".so"
diff --git a/crypto/openssl/include/crypto/dso_conf.h.in b/crypto/openssl/include/crypto/dso_conf.h.in
new file mode 100644
index 0000000000000..57a09b10a2597
--- /dev/null
+++ b/crypto/openssl/include/crypto/dso_conf.h.in
@@ -0,0 +1,31 @@
+{- join("\n",map { "/* $_ */" } @autowarntext) -}
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+{-  # The DSO code currently always implements all functions so that no
+    # applications will have to worry about that from a compilation point
+    # of view. However, the "method"s may return zero unless that platform
+    # has support compiled in for them. Currently each method is enabled
+    # by a define "DSO_<name>" ... we translate the "dso_scheme" config
+    # string entry into using the following logic;
+    my $scheme = $disabled{dso} ? undef : uc $target{dso_scheme};
+    if (!$scheme) {
+        $scheme = "NONE";
+    }
+    my @macros = ( "DSO_$scheme" );
+    if ($scheme eq 'DLFCN') {
+        @macros = ( "DSO_DLFCN", "HAVE_DLFCN_H" );
+    } elsif ($scheme eq "DLFCN_NO_H") {
+        @macros = ( "DSO_DLFCN" );
+    }
+    join("\n", map { "# define $_" } @macros); -}
+# define DSO_EXTENSION "{- $target{dso_extension} -}"
+#endif
diff --git a/crypto/openssl/include/crypto/ec.h b/crypto/openssl/include/crypto/ec.h
new file mode 100644
index 0000000000000..fe52ae704bb9f
--- /dev/null
+++ b/crypto/openssl/include/crypto/ec.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef OSSL_CRYPTO_EC_H
+# define OSSL_CRYPTO_EC_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  include <openssl/ec.h>
+
+/*-
+ * Computes the multiplicative inverse of x in the range
+ * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the
+ * subgroup generated by the generator G:
+ *
+ *         res := x^(-1) (mod EC_GROUP::order).
+ *
+ * This function expects the following two conditions to hold:
+ *  - the EC_GROUP order is prime, and
+ *  - x is included in the range [1, EC_GROUP::order).
+ *
+ * This function returns 1 on success, 0 on error.
+ *
+ * If the EC_GROUP order is even, this function explicitly returns 0 as
+ * an error.
+ * In case any of the two conditions stated above is not satisfied,
+ * the correctness of its output is not guaranteed, even if the return
+ * value could still be 1 (as primality testing and a conditional modular
+ * reduction round on the input can be omitted by the underlying
+ * implementations for better SCA properties on regular input values).
+ */
+__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                                   const BIGNUM *x, BN_CTX *ctx);
+
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/crypto/openssl/include/crypto/engine.h b/crypto/openssl/include/crypto/engine.h
new file mode 100644
index 0000000000000..f80ae3ec30c93
--- /dev/null
+++ b/crypto/openssl/include/crypto/engine.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/engine.h>
+
+void engine_load_openssl_int(void);
+void engine_load_devcrypto_int(void);
+void engine_load_rdrand_int(void);
+void engine_load_dynamic_int(void);
+void engine_load_padlock_int(void);
+void engine_load_capi_int(void);
+void engine_load_dasync_int(void);
+void engine_load_afalg_int(void);
+void engine_cleanup_int(void);
diff --git a/crypto/openssl/include/crypto/err.h b/crypto/openssl/include/crypto/err.h
new file mode 100644
index 0000000000000..8ab0e5baaa2cf
--- /dev/null
+++ b/crypto/openssl/include/crypto/err.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ERR_H
+# define OSSL_CRYPTO_ERR_H
+
+int err_load_crypto_strings_int(void);
+void err_cleanup(void);
+void err_delete_thread_state(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
+
+#endif
diff --git a/crypto/openssl/include/crypto/evp.h b/crypto/openssl/include/crypto/evp.h
new file mode 100644
index 0000000000000..d86aed36f075a
--- /dev/null
+++ b/crypto/openssl/include/crypto/evp.h
@@ -0,0 +1,442 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include "internal/refcount.h"
+
+/*
+ * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
+ * values in evp.h
+ */
+#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
+
+struct evp_pkey_ctx_st {
+    /* Method associated with this operation */
+    const EVP_PKEY_METHOD *pmeth;
+    /* Engine that implements this method or NULL if builtin */
+    ENGINE *engine;
+    /* Key: may be NULL */
+    EVP_PKEY *pkey;
+    /* Peer key for key agreement, may be NULL */
+    EVP_PKEY *peerkey;
+    /* Actual operation */
+    int operation;
+    /* Algorithm specific data */
+    void *data;
+    /* Application specific data */
+    void *app_data;
+    /* Keygen callback */
+    EVP_PKEY_gen_cb *pkey_gencb;
+    /* implementation specific keygen data */
+    int *keygen_info;
+    int keygen_info_count;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC   1
+
+struct evp_pkey_method_st {
+    int pkey_id;
+    int flags;
+    int (*init) (EVP_PKEY_CTX *ctx);
+    int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+    void (*cleanup) (EVP_PKEY_CTX *ctx);
+    int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+    int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*keygen_init) (EVP_PKEY_CTX *ctx);
+    int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*sign_init) (EVP_PKEY_CTX *ctx);
+    int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                 const unsigned char *tbs, size_t tbslen);
+    int (*verify_init) (EVP_PKEY_CTX *ctx);
+    int (*verify) (EVP_PKEY_CTX *ctx,
+                   const unsigned char *sig, size_t siglen,
+                   const unsigned char *tbs, size_t tbslen);
+    int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+    int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                           unsigned char *rout, size_t *routlen,
+                           const unsigned char *sig, size_t siglen);
+    int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                    EVP_MD_CTX *mctx);
+    int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                      EVP_MD_CTX *mctx);
+    int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*derive_init) (EVP_PKEY_CTX *ctx);
+    int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+    int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+    int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen);
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen);
+    int (*check) (EVP_PKEY *pkey);
+    int (*public_check) (EVP_PKEY *pkey);
+    int (*param_check) (EVP_PKEY *pkey);
+
+    int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+} /* EVP_PKEY_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+extern const EVP_PKEY_METHOD cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dh_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
+extern const EVP_PKEY_METHOD dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth;
+extern const EVP_PKEY_METHOD sm2_pkey_meth;
+extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
+extern const EVP_PKEY_METHOD ecx448_pkey_meth;
+extern const EVP_PKEY_METHOD ed25519_pkey_meth;
+extern const EVP_PKEY_METHOD ed448_pkey_meth;
+extern const EVP_PKEY_METHOD hmac_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD scrypt_pkey_meth;
+extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
+extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+extern const EVP_PKEY_METHOD siphash_pkey_meth;
+
+struct evp_md_st {
+    int type;
+    int pkey_type;
+    int md_size;
+    unsigned long flags;
+    int (*init) (EVP_MD_CTX *ctx);
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+    int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+    int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+    int (*cleanup) (EVP_MD_CTX *ctx);
+    int block_size;
+    int ctx_size;               /* how big does the ctx->md_data need to be */
+    /* control function */
+    int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+} /* EVP_MD */ ;
+
+struct evp_cipher_st {
+    int nid;
+    int block_size;
+    /* Default value for variable length ciphers */
+    int key_len;
+    int iv_len;
+    /* Various flags */
+    unsigned long flags;
+    /* init key */
+    int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 const unsigned char *iv, int enc);
+    /* encrypt/decrypt data */
+    int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+    /* cleanup ctx */
+    int (*cleanup) (EVP_CIPHER_CTX *);
+    /* how big ctx->cipher_data needs to be */
+    int ctx_size;
+    /* Populate a ASN1_TYPE with parameters */
+    int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Get parameters from a ASN1_TYPE */
+    int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Miscellaneous operations */
+    int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+    /* Application data */
+    void *app_data;
+} /* EVP_CIPHER */ ;
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define EVP_C_DATA(kstruct, ctx) \
+        ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+#define BLOCK_CIPHER_ecb_loop() \
+        size_t i, bl; \
+        bl = EVP_CIPHER_CTX_cipher(ctx)->block_size;    \
+        if (inl < bl) return 1;\
+        inl -= bl; \
+        for (i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \
+        return 1;\
+}
+
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+    static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+        }\
+        if (inl) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+        }\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+    size_t chunk = EVP_MAXCHUNK;\
+    if (cbits == 1)  chunk >>= 3;\
+    if (inl < chunk) chunk = inl;\
+    while (inl && inl >= chunk)\
+    {\
+        int num = EVP_CIPHER_CTX_num(ctx);\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long) \
+            ((cbits == 1) \
+                && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
+                ? chunk*8 : chunk), \
+            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &num, EVP_CIPHER_CTX_encrypting(ctx));\
+        EVP_CIPHER_CTX_set_num(ctx, num);\
+        inl -= chunk;\
+        in += chunk;\
+        out += chunk;\
+        if (inl < chunk) chunk = inl;\
+    }\
+    return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                          key_len, iv_len, flags, init_key, cleanup, \
+                          set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+        nid##_##nmode, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_##MODE##_MODE, \
+        init_key, \
+        cname##_##mode##_cipher, \
+        cleanup, \
+        sizeof(kstruct), \
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                             flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                          nid, block_size, key_len, iv_len, cbits, flags, \
+                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+                               block_size, key_len, iv_len, cbits, \
+                               flags, init_key, \
+                               cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+                          cbits, flags, init_key, cleanup, set_asn1, \
+                          get_asn1, ctrl)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             cipher##_init_key, NULL, NULL, NULL, NULL)
+
+
+# ifndef OPENSSL_NO_EC
+
+#define X25519_KEYLEN        32
+#define X448_KEYLEN          56
+#define ED448_KEYLEN         57
+
+#define MAX_KEYLEN  ED448_KEYLEN
+
+typedef struct {
+    unsigned char pubkey[MAX_KEYLEN];
+    unsigned char *privkey;
+} ECX_KEY;
+
+#endif
+
+/*
+ * Type needs to be a bit field Sub-type needs to be for variations on the
+ * method, as in, can it do arbitrary encryption....
+ */
+struct evp_pkey_st {
+    int type;
+    int save_type;
+    CRYPTO_REF_COUNT references;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *engine;
+    ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
+    union {
+        void *ptr;
+# ifndef OPENSSL_NO_RSA
+        struct rsa_st *rsa;     /* RSA */
+# endif
+# ifndef OPENSSL_NO_DSA
+        struct dsa_st *dsa;     /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+        struct dh_st *dh;       /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+        struct ec_key_st *ec;   /* ECC */
+        ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
+# endif
+    } pkey;
+    int save_parameters;
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+    CRYPTO_RWLOCK *lock;
+} /* EVP_PKEY */ ;
+
+
+void openssl_add_all_ciphers_int(void);
+void openssl_add_all_digests_int(void);
+void evp_cleanup_int(void);
+void evp_app_cleanup_int(void);
+
+/* Pulling defines out of C source files */
+
+#define EVP_RC4_KEY_SIZE 16
+#ifndef TLS1_1_VERSION
+# define TLS1_1_VERSION   0x0302
+#endif
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+
+/* EVP_ENCODE_CTX flags */
+/* Don't generate new lines when encoding */
+#define EVP_ENCODE_CTX_NO_NEWLINES          1
+/* Use the SRP base64 alphabet instead of the standard one */
+#define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
diff --git a/crypto/openssl/include/crypto/lhash.h b/crypto/openssl/include/crypto/lhash.h
new file mode 100644
index 0000000000000..ab060cce74b4b
--- /dev/null
+++ b/crypto/openssl/include/crypto/lhash.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_LHASH_H
+# define OSSL_CRYPTO_LHASH_H
+
+unsigned long openssl_lh_strcasehash(const char *);
+
+#endif
diff --git a/crypto/openssl/include/crypto/md32_common.h b/crypto/openssl/include/crypto/md32_common.h
new file mode 100644
index 0000000000000..1124e9c24b2a2
--- /dev/null
+++ b/crypto/openssl/include/crypto/md32_common.h
@@ -0,0 +1,256 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at least 32 bit wide.
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro converting context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+
+#endif
+
+/*
+ * Time for some action :-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originally written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ */
+#  define MD32_REG_T int
+# endif
+#endif
diff --git a/crypto/openssl/include/crypto/objects.h b/crypto/openssl/include/crypto/objects.h
new file mode 100644
index 0000000000000..76e1b4d98838a
--- /dev/null
+++ b/crypto/openssl/include/crypto/objects.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+
+void obj_cleanup_int(void);
diff --git a/crypto/openssl/include/crypto/poly1305.h b/crypto/openssl/include/crypto/poly1305.h
new file mode 100644
index 0000000000000..5fef239d0f8fa
--- /dev/null
+++ b/crypto/openssl/include/crypto/poly1305.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define POLY1305_BLOCK_SIZE  16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE    32
+
+typedef struct poly1305_context POLY1305;
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
diff --git a/crypto/openssl/include/crypto/rand.h b/crypto/openssl/include/crypto/rand.h
new file mode 100644
index 0000000000000..5350d3a931198
--- /dev/null
+++ b/crypto/openssl/include/crypto/rand.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef OSSL_CRYPTO_RAND_H
+# define OSSL_CRYPTO_RAND_H
+
+# include <openssl/rand.h>
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
+
+void rand_cleanup_int(void);
+void rand_drbg_cleanup_int(void);
+void drbg_delete_thread_state(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen);
+
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+                         size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+/*
+ * Add some application specific nonce data
+ *
+ * This function is platform specific and adds some application specific
+ * data to the nonce used for instantiating the drbg.
+ *
+ * This data currently consists of the process and thread id, and a high
+ * resolution timestamp. The data does not include an atomic counter,
+ * because that is added by the calling function rand_drbg_get_nonce().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_nonce_data(RAND_POOL *pool);
+
+
+/*
+ * Add some platform specific additional data
+ *
+ * This function is platform specific and adds some random noise to the
+ * additional data used for generating random bytes and for reseeding
+ * the drbg.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_additional_data(RAND_POOL *pool);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void rand_pool_keep_random_devices_open(int keep);
+
+#endif
diff --git a/crypto/openssl/include/crypto/sha.h b/crypto/openssl/include/crypto/sha.h
new file mode 100644
index 0000000000000..6d15edb9e57e2
--- /dev/null
+++ b/crypto/openssl/include/crypto/sha.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SHA_H
+# define OSSL_CRYPTO_SHA_H
+
+# include <openssl/opensslconf.h>
+
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+
+#endif
diff --git a/crypto/openssl/include/crypto/siphash.h b/crypto/openssl/include/crypto/siphash.h
new file mode 100644
index 0000000000000..9573680f0f15a
--- /dev/null
+++ b/crypto/openssl/include/crypto/siphash.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define SIPHASH_BLOCK_SIZE        8
+#define SIPHASH_KEY_SIZE         16
+#define SIPHASH_MIN_DIGEST_SIZE   8
+#define SIPHASH_MAX_DIGEST_SIZE  16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+                 int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/crypto/openssl/include/crypto/sm2.h b/crypto/openssl/include/crypto/sm2.h
new file mode 100644
index 0000000000000..76ee80baff192
--- /dev/null
+++ b/crypto/openssl/include/crypto/sm2.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2_H
+# define OSSL_CRYPTO_SM2_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+#  define SM2_DEFAULT_USERID "1234567812345678"
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len);
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size);
+
+int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                       size_t *pt_size);
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/crypto/openssl/include/crypto/sm2err.h b/crypto/openssl/include/crypto/sm2err.h
new file mode 100644
index 0000000000000..d1c0ee25918c1
--- /dev/null
+++ b/crypto/openssl/include/crypto/sm2err.h
@@ -0,0 +1,65 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2ERR_H
+# define OSSL_CRYPTO_SM2ERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_SM2_strings(void);
+
+/*
+ * SM2 function codes.
+ */
+#  define SM2_F_PKEY_SM2_COPY                              115
+#  define SM2_F_PKEY_SM2_CTRL                              109
+#  define SM2_F_PKEY_SM2_CTRL_STR                          110
+#  define SM2_F_PKEY_SM2_DIGEST_CUSTOM                     114
+#  define SM2_F_PKEY_SM2_INIT                              111
+#  define SM2_F_PKEY_SM2_SIGN                              112
+#  define SM2_F_SM2_COMPUTE_MSG_HASH                       100
+#  define SM2_F_SM2_COMPUTE_USERID_DIGEST                  101
+#  define SM2_F_SM2_COMPUTE_Z_DIGEST                       113
+#  define SM2_F_SM2_DECRYPT                                102
+#  define SM2_F_SM2_ENCRYPT                                103
+#  define SM2_F_SM2_PLAINTEXT_SIZE                         104
+#  define SM2_F_SM2_SIGN                                   105
+#  define SM2_F_SM2_SIG_GEN                                106
+#  define SM2_F_SM2_SIG_VERIFY                             107
+#  define SM2_F_SM2_VERIFY                                 108
+
+/*
+ * SM2 reason codes.
+ */
+#  define SM2_R_ASN1_ERROR                                 100
+#  define SM2_R_BAD_SIGNATURE                              101
+#  define SM2_R_BUFFER_TOO_SMALL                           107
+#  define SM2_R_DIST_ID_TOO_LARGE                          110
+#  define SM2_R_ID_NOT_SET                                 112
+#  define SM2_R_ID_TOO_LARGE                               111
+#  define SM2_R_INVALID_CURVE                              108
+#  define SM2_R_INVALID_DIGEST                             102
+#  define SM2_R_INVALID_DIGEST_TYPE                        103
+#  define SM2_R_INVALID_ENCODING                           104
+#  define SM2_R_INVALID_FIELD                              105
+#  define SM2_R_NO_PARAMETERS_SET                          109
+#  define SM2_R_USER_ID_TOO_LARGE                          106
+
+# endif
+#endif
diff --git a/crypto/openssl/include/crypto/sm3.h b/crypto/openssl/include/crypto/sm3.h
new file mode 100644
index 0000000000000..97e7460333313
--- /dev/null
+++ b/crypto/openssl/include/crypto/sm3.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM3_H
+# define OSSL_CRYPTO_SM3_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SM3
+#  error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK      64
+# define SM3_LBLOCK      (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+   SM3_WORD A, B, C, D, E, F, G, H;
+   SM3_WORD Nl, Nh;
+   SM3_WORD data[SM3_LBLOCK];
+   unsigned int num;
+} SM3_CTX;
+
+int sm3_init(SM3_CTX *c);
+int sm3_update(SM3_CTX *c, const void *data, size_t len);
+int sm3_final(unsigned char *md, SM3_CTX *c);
+
+void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
+
+#endif
diff --git a/crypto/openssl/include/crypto/sm4.h b/crypto/openssl/include/crypto/sm4.h
new file mode 100644
index 0000000000000..abe28f385e0a6
--- /dev/null
+++ b/crypto/openssl/include/crypto/sm4.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM4_H
+# define OSSL_CRYPTO_SM4_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_SM4
+#  error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT     1
+# define SM4_DECRYPT     0
+
+# define SM4_BLOCK_SIZE    16
+# define SM4_KEY_SCHEDULE  32
+
+typedef struct SM4_KEY_st {
+    uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/crypto/openssl/include/crypto/store.h b/crypto/openssl/include/crypto/store.h
new file mode 100644
index 0000000000000..428d3c60e13ea
--- /dev/null
+++ b/crypto/openssl/include/crypto/store.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_STORE_H
+# define OSSL_CRYPTO_STORE_H
+
+# include <openssl/bio.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+
+/*
+ * Two functions to read PEM data off an already opened BIO.  To be used
+ * instead of OSSLSTORE_open() and OSSLSTORE_close().  Everything is done
+ * as usual with OSSLSTORE_load() and OSSLSTORE_eof().
+ */
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data);
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx);
+
+void ossl_store_cleanup_int(void);
+
+#endif
diff --git a/crypto/openssl/include/crypto/x509.h b/crypto/openssl/include/crypto/x509.h
new file mode 100644
index 0000000000000..b53c2b03c39ec
--- /dev/null
+++ b/crypto/openssl/include/crypto/x509.h
@@ -0,0 +1,286 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+    ASN1_OBJECT *object;        /* AttributeType */
+    ASN1_STRING *value;         /* AttributeValue */
+    int set;                    /* index of RDNSequence for this entry */
+    int size;                   /* temp variable */
+};
+
+/* Name from RFC 5280. */
+struct X509_name_st {
+    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+    int modified;               /* true if 'bytes' needs to be built */
+    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
+    /* canonical encoding used for rapid Name comparison */
+    unsigned char *canon_enc;
+    int canon_enclen;
+} /* X509_NAME */ ;
+
+/* Signature info structure */
+
+struct x509_sig_info_st {
+    /* NID of message digest */
+    int mdnid;
+    /* NID of public key algorithm */
+    int pknid;
+    /* Security bits */
+    int secbits;
+    /* Various flags */
+    uint32_t flags;
+};
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+    ASN1_ENCODING enc;          /* cached encoding of signed part */
+    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
+    X509_NAME *subject;         /* certificate request DN */
+    X509_PUBKEY *pubkey;        /* public key of request */
+    /*
+     * Zero or more attributes.
+     * NB: although attributes is a mandatory field some broken
+     * encodings omit it so this may be NULL in that case.
+     */
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+    X509_REQ_INFO req_info;     /* signed certificate request data */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    ASN1_BIT_STRING *signature; /* signature */
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    X509_NAME *issuer;          /* CRL issuer name */
+    ASN1_TIME *lastUpdate;      /* lastUpdate field */
+    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
+    STACK_OF(X509_REVOKED) *revoked;        /* revoked entries: optional */
+    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
+    ASN1_ENCODING enc;                      /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+    X509_CRL_INFO crl;          /* signed CRL data */
+    X509_ALGOR sig_alg;         /* CRL signature algorithm */
+    ASN1_BIT_STRING signature;  /* CRL signature */
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * Cached copies of decoded extension values, since extensions
+     * are optional any of these can be NULL.
+     */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    STACK_OF(GENERAL_NAMES) *issuers;
+    /* hash of CRL */
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    /* alternative method to handle this CRL */
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct x509_revoked_st {
+    ASN1_INTEGER serialNumber; /* revoked entry serial number */
+    ASN1_TIME *revocationDate;  /* revocation date */
+    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
+    /* decoded value of CRLissuer extension: set if indirect CRL */
+    STACK_OF(GENERAL_NAME) *issuer;
+    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+    int reason;
+    /*
+     * CRL entries are reordered for faster lookup of serial numbers. This
+     * field contains the original load sequence for this entry.
+     */
+    int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
+    ASN1_INTEGER serialNumber;
+    X509_ALGOR signature;
+    X509_NAME *issuer;
+    X509_VAL validity;
+    X509_NAME *subject;
+    X509_PUBKEY *key;
+    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+    ASN1_ENCODING enc;
+};
+
+struct x509_st {
+    X509_CINF cert_info;
+    X509_ALGOR sig_alg;
+    ASN1_BIT_STRING signature;
+    X509_SIG_INFO siginf;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    /* These contain copies of various extension values */
+    long ex_pathlen;
+    long ex_pcpathlen;
+    uint32_t ex_flags;
+    uint32_t ex_kusage;
+    uint32_t ex_xkusage;
+    uint32_t ex_nscert;
+    ASN1_OCTET_STRING *skid;
+    AUTHORITY_KEYID *akid;
+    X509_POLICY_CACHE *policy_cache;
+    STACK_OF(DIST_POINT) *crldp;
+    STACK_OF(GENERAL_NAME) *altname;
+    NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
+    STACK_OF(IPAddressFamily) *rfc3779_addr;
+    struct ASIdentifiers_st *rfc3779_asid;
+# endif
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    X509_CERT_AUX *aux;
+    CRYPTO_RWLOCK *lock;
+    volatile int ex_cached;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains.  Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st {      /* X509_STORE_CTX */
+    X509_STORE *ctx;
+    /* The following are set by the caller */
+    /* The cert to check */
+    X509 *cert;
+    /* chain of X509s - untrusted - passed in */
+    STACK_OF(X509) *untrusted;
+    /* set of CRLs passed in */
+    STACK_OF(X509_CRL) *crls;
+    X509_VERIFY_PARAM *param;
+    /* Other info for use with get_issuer() */
+    void *other_ctx;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    /* The following is built up */
+    /* if 0, rebuild chain */
+    int valid;
+    /* number of untrusted certs */
+    int num_untrusted;
+    /* chain of X509s - built up and trusted */
+    STACK_OF(X509) *chain;
+    /* Valid policy tree */
+    X509_POLICY_TREE *tree;
+    /* Require explicit policy value */
+    int explicit_policy;
+    /* When something goes wrong, this is why */
+    int error_depth;
+    int error;
+    X509 *current_cert;
+    /* cert currently being tested as valid issuer */
+    X509 *current_issuer;
+    /* current CRL */
+    X509_CRL *current_crl;
+    /* score of current CRL */
+    int current_crl_score;
+    /* Reason mask */
+    unsigned int current_reasons;
+    /* For CRL path validation: parent context */
+    X509_STORE_CTX *parent;
+    CRYPTO_EX_DATA ex_data;
+    SSL_DANE *dane;
+    /* signed via bare TA public key, rather than CA certificate */
+    int bare_ta_signed;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *pkeyalg;
+    ASN1_OCTET_STRING *pkey;
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+    /* one of the above types */
+    X509_LOOKUP_TYPE type;
+    union {
+        char *ptr;
+        X509 *x509;
+        X509_CRL *crl;
+        EVP_PKEY *pkey;
+    } data;
+};
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
diff --git a/crypto/openssl/include/internal/conf.h b/crypto/openssl/include/internal/conf.h
index 29bc9f963c91d..163fea8de418a 100644
--- a/crypto/openssl/include/internal/conf.h
+++ b/crypto/openssl/include/internal/conf.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_INTERNAL_CONF_H
-# define HEADER_INTERNAL_CONF_H
+#ifndef OSSL_INTERNAL_CONF_H
+# define OSSL_INTERNAL_CONF_H
 
 #include <openssl/conf.h>
 
diff --git a/crypto/openssl/include/internal/constant_time_locl.h b/crypto/openssl/include/internal/constant_time.h
index 0193a653d4bb1..6600a1d72aeb0 100644
--- a/crypto/openssl/include/internal/constant_time_locl.h
+++ b/crypto/openssl/include/internal/constant_time.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_CONSTANT_TIME_LOCL_H
-# define HEADER_CONSTANT_TIME_LOCL_H
+#ifndef OSSL_INTERNAL_CONSTANT_TIME_H
+# define OSSL_INTERNAL_CONSTANT_TIME_H
 
 # include <stdlib.h>
 # include <string.h>
@@ -384,4 +384,4 @@ static ossl_inline void constant_time_lookup(void *out,
  */
 void err_clear_last_constant_time(int clear);
 
-#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
+#endif                          /* OSSL_INTERNAL_CONSTANT_TIME_H */
diff --git a/crypto/openssl/include/internal/cryptlib.h b/crypto/openssl/include/internal/cryptlib.h
index 23e17e5586e8f..6e7291ae41bc3 100644
--- a/crypto/openssl/include/internal/cryptlib.h
+++ b/crypto/openssl/include/internal/cryptlib.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_CRYPTLIB_H
-# define HEADER_CRYPTLIB_H
+#ifndef OSSL_INTERNAL_CRYPTLIB_H
+# define OSSL_INTERNAL_CRYPTLIB_H
 
 # include <stdlib.h>
 # include <string.h>
diff --git a/crypto/openssl/include/internal/dane.h b/crypto/openssl/include/internal/dane.h
index a1cb5488ba003..7a39bd7d7d46c 100644
--- a/crypto/openssl/include/internal/dane.h
+++ b/crypto/openssl/include/internal/dane.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_INTERNAL_DANE_H
-#define HEADER_INTERNAL_DANE_H
+#ifndef OSSL_INTERNAL_DANE_H
+#define OSSL_INTERNAL_DANE_H
 
 #include <openssl/safestack.h>
 
@@ -100,4 +100,4 @@ struct ssl_dane_st {
 #define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
 #define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
 
-#endif /* HEADER_INTERNAL_DANE_H */
+#endif /* OSSL_INTERNAL_DANE_H */
diff --git a/crypto/openssl/include/internal/dso.h b/crypto/openssl/include/internal/dso.h
index eb5f7d53c7d6f..c57c0c4075927 100644
--- a/crypto/openssl/include/internal/dso.h
+++ b/crypto/openssl/include/internal/dso.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_DSO_H
-# define HEADER_DSO_H
+#ifndef OSSL_INTERNAL_DSO_H
+# define OSSL_INTERNAL_DSO_H
 
 # include <openssl/crypto.h>
 # include "internal/dsoerr.h"
diff --git a/crypto/openssl/include/internal/dsoerr.h b/crypto/openssl/include/internal/dsoerr.h
index 5f4511c4d6f88..94d642a22d8c9 100644
--- a/crypto/openssl/include/internal/dsoerr.h
+++ b/crypto/openssl/include/internal/dsoerr.h
@@ -8,8 +8,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_DSOERR_H
-# define HEADER_DSOERR_H
+#ifndef OSSL_INTERNAL_DSOERR_H
+# define OSSL_INTERNAL_DSOERR_H
 
 # ifndef HEADER_SYMHACKS_H
 #  include <openssl/symhacks.h>
diff --git a/crypto/openssl/include/internal/err.h b/crypto/openssl/include/internal/err.h
index d46b8bdb29256..88dde7059157f 100644
--- a/crypto/openssl/include/internal/err.h
+++ b/crypto/openssl/include/internal/err.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef INTERNAL_ERR_H
-# define INTERNAL_ERR_H
+#ifndef OSSL_INTERNAL_ERR_H
+# define OSSL_INTERNAL_ERR_H
 
 void err_free_strings_int(void);
 
diff --git a/crypto/openssl/include/internal/nelem.h b/crypto/openssl/include/internal/nelem.h
index d65a21a9fbef8..699ef88ee5234 100644
--- a/crypto/openssl/include/internal/nelem.h
+++ b/crypto/openssl/include/internal/nelem.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_NELEM_H
-# define HEADER_NELEM_H
+#ifndef OSSL_INTERNAL_NELEM_H
+# define OSSL_INTERNAL_NELEM_H
 
 # define OSSL_NELEM(x)    (sizeof(x)/sizeof((x)[0]))
 #endif
diff --git a/crypto/openssl/include/internal/numbers.h b/crypto/openssl/include/internal/numbers.h
index 31931df3c2fff..f5ade5226e5b5 100644
--- a/crypto/openssl/include/internal/numbers.h
+++ b/crypto/openssl/include/internal/numbers.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_NUMBERS_H
-# define HEADER_NUMBERS_H
+#ifndef OSSL_INTERNAL_NUMBERS_H
+# define OSSL_INTERNAL_NUMBERS_H
 
 # include <limits.h>
 
diff --git a/crypto/openssl/include/internal/o_dir.h b/crypto/openssl/include/internal/o_dir.h
index e7b55e0c18b3a..dafc8dd2e74b8 100644
--- a/crypto/openssl/include/internal/o_dir.h
+++ b/crypto/openssl/include/internal/o_dir.h
@@ -36,8 +36,8 @@
  * SUCH DAMAGE.
  */
 
-#ifndef O_DIR_H
-# define O_DIR_H
+#ifndef OSSL_INTERNAL_O_DIR_H
+# define OSSL_INTERNAL_O_DIR_H
 
 typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
 
diff --git a/crypto/openssl/include/internal/o_str.h b/crypto/openssl/include/internal/o_str.h
index 86403c9ee2829..15c12e820d2ba 100644
--- a/crypto/openssl/include/internal/o_str.h
+++ b/crypto/openssl/include/internal/o_str.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_O_STR_H
-# define HEADER_O_STR_H
+#ifndef OSSL_INTERNAL_O_STR_H
+# define OSSL_INTERNAL_O_STR_H
 
 # include <stddef.h>            /* to get size_t */
 
diff --git a/crypto/openssl/include/internal/refcount.h b/crypto/openssl/include/internal/refcount.h
index 6e1a840ef1ea6..8fb536eadc074 100644
--- a/crypto/openssl/include/internal/refcount.h
+++ b/crypto/openssl/include/internal/refcount.h
@@ -6,8 +6,8 @@
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
-#ifndef HEADER_INTERNAL_REFCOUNT_H
-# define HEADER_INTERNAL_REFCOUNT_H
+#ifndef OSSL_INTERNAL_REFCOUNT_H
+# define OSSL_INTERNAL_REFCOUNT_H
 
 /* Used to checking reference counts, most while doing perl5 stuff :-) */
 # if defined(OPENSSL_NO_STDIO)
diff --git a/crypto/openssl/include/internal/sockets.h b/crypto/openssl/include/internal/sockets.h
index 5bb0355f07ed1..39186efef2076 100644
--- a/crypto/openssl/include/internal/sockets.h
+++ b/crypto/openssl/include/internal/sockets.h
@@ -8,8 +8,8 @@
  */
 
 
-#ifndef HEADER_INTERNAL_SOCKETS
-# define HEADER_INTERNAL_SOCKETS
+#ifndef OSSL_INTERNAL_SOCKETS_H
+# define OSSL_INTERNAL_SOCKETS_H
 
 # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 #  define NO_SYS_PARAM_H
diff --git a/crypto/openssl/include/internal/sslconf.h b/crypto/openssl/include/internal/sslconf.h
index d538f8614f586..92c8941d0250c 100644
--- a/crypto/openssl/include/internal/sslconf.h
+++ b/crypto/openssl/include/internal/sslconf.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_SSLCONF_H
-# define HEADER_SSLCONF_H
+#ifndef OSSL_INTERNAL_SSLCONF_H
+# define OSSL_INTERNAL_SSLCONF_H
 
 typedef struct ssl_conf_cmd_st SSL_CONF_CMD;
 
diff --git a/crypto/openssl/include/openssl/__DECC_INCLUDE_EPILOGUE.H b/crypto/openssl/include/openssl/__DECC_INCLUDE_EPILOGUE.H
index c350018ad1906..ad0a5f56dc9d6 100644
--- a/crypto/openssl/include/openssl/__DECC_INCLUDE_EPILOGUE.H
+++ b/crypto/openssl/include/openssl/__DECC_INCLUDE_EPILOGUE.H
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,9 +8,15 @@
  */
 
 /*
- * This file is only used by HP C on VMS, and is included automatically
+ * This file is only used by HP C/C++ on VMS, and is included automatically
  * after each header file from this directory
  */
 
+/*
+ * The C++ compiler doesn't understand these pragmas, even though it
+ * understands the corresponding command line qualifier.
+ */
+#ifndef __cplusplus
 /* restore state.  Must correspond to the save in __decc_include_prologue.h */
-#pragma names restore
+# pragma names restore
+#endif
diff --git a/crypto/openssl/include/openssl/__DECC_INCLUDE_PROLOGUE.H b/crypto/openssl/include/openssl/__DECC_INCLUDE_PROLOGUE.H
index 9a9c777f93f8a..5f5513e821aca 100644
--- a/crypto/openssl/include/openssl/__DECC_INCLUDE_PROLOGUE.H
+++ b/crypto/openssl/include/openssl/__DECC_INCLUDE_PROLOGUE.H
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,13 +8,19 @@
  */
 
 /*
- * This file is only used by HP C on VMS, and is included automatically
+ * This file is only used by HP C/C++ on VMS, and is included automatically
  * after each header file from this directory
  */
 
+/*
+ * The C++ compiler doesn't understand these pragmas, even though it
+ * understands the corresponding command line qualifier.
+ */
+#ifndef __cplusplus
 /* save state */
-#pragma names save
+# pragma names save
 /* have the compiler shorten symbols larger than 31 chars to 23 chars
  * followed by a 8 hex char CRC
  */
-#pragma names as_is,shortened
+# pragma names as_is,shortened
+#endif
diff --git a/crypto/openssl/include/openssl/bio.h b/crypto/openssl/include/openssl/bio.h
index e1fddfb7969d6..ae559a5105078 100644
--- a/crypto/openssl/include/openssl/bio.h
+++ b/crypto/openssl/include/openssl/bio.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -169,6 +169,7 @@ extern "C" {
  */
 # define BIO_FLAGS_MEM_RDONLY    0x200
 # define BIO_FLAGS_NONCLEAR_RST  0x400
+# define BIO_FLAGS_IN_EOF        0x800
 
 typedef union bio_addr_st BIO_ADDR;
 typedef struct bio_addrinfo_st BIO_ADDRINFO;
diff --git a/crypto/openssl/include/openssl/ct.h b/crypto/openssl/include/openssl/ct.h
index d4262fa048047..ebdba34d6777a 100644
--- a/crypto/openssl/include/openssl/ct.h
+++ b/crypto/openssl/include/openssl/ct.h
@@ -463,8 +463,6 @@ __owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
 
 /*
  * Loads the default CT log list into a |store|.
- * See internal/cryptlib.h for the environment variable and file path that are
- * consulted to find the default file.
  * Returns 1 if loading is successful, or 0 otherwise.
  */
 __owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
diff --git a/crypto/openssl/include/openssl/dsa.h b/crypto/openssl/include/openssl/dsa.h
index 822eff347a293..6d8a18a4ad5aa 100644
--- a/crypto/openssl/include/openssl/dsa.h
+++ b/crypto/openssl/include/openssl/dsa.h
@@ -162,6 +162,12 @@ DH *DSA_dup_DH(const DSA *r);
 # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
         EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
                                 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md))
 
 # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
 # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
diff --git a/crypto/openssl/include/openssl/dtls1.h b/crypto/openssl/include/openssl/dtls1.h
index a312e386cf9ac..d55ca9c332dde 100644
--- a/crypto/openssl/include/openssl/dtls1.h
+++ b/crypto/openssl/include/openssl/dtls1.h
@@ -43,7 +43,7 @@ extern "C" {
 
 # define DTLS1_AL_HEADER_LENGTH                   2
 
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
+/* Timeout multipliers */
 # define DTLS1_TMO_READ_COUNT                      2
 # define DTLS1_TMO_WRITE_COUNT                     2
 
diff --git a/crypto/openssl/include/openssl/evp.h b/crypto/openssl/include/openssl/evp.h
index 545654a98b1c0..a411f3f2f9491 100644
--- a/crypto/openssl/include/openssl/evp.h
+++ b/crypto/openssl/include/openssl/evp.h
@@ -180,7 +180,7 @@ int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
  * if the following flag is set.
  */
 # define EVP_MD_CTX_FLAG_FINALISE        0x0200
-/* NOTE: 0x0400 is reserved for internal usage in evp_int.h */
+/* NOTE: 0x0400 is reserved for internal usage */
 
 EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
 EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
@@ -1512,6 +1512,20 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
                                              const char *type,
                                              const char *value));
 
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (*digestsign) (EVP_MD_CTX *ctx,
+                                                     unsigned char *sig,
+                                                     size_t *siglen,
+                                                     const unsigned char *tbs,
+                                                     size_t tbslen));
+
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (*digestverify) (EVP_MD_CTX *ctx,
+                                                         const unsigned char *sig,
+                                                         size_t siglen,
+                                                         const unsigned char *tbs,
+                                                         size_t tbslen));
+
 void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
                              int (*check) (EVP_PKEY *pkey));
 
@@ -1617,6 +1631,20 @@ void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
                                                const char *type,
                                                const char *value));
 
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (**digestsign) (EVP_MD_CTX *ctx,
+                                                      unsigned char *sig,
+                                                      size_t *siglen,
+                                                      const unsigned char *tbs,
+                                                      size_t tbslen));
+
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (**digestverify) (EVP_MD_CTX *ctx,
+                                                          const unsigned char *sig,
+                                                          size_t siglen,
+                                                          const unsigned char *tbs,
+                                                          size_t tbslen));
+
 void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
                              int (**pcheck) (EVP_PKEY *pkey));
 
diff --git a/crypto/openssl/include/openssl/evperr.h b/crypto/openssl/include/openssl/evperr.h
index 6a651f5563541..d2b26ea582dec 100644
--- a/crypto/openssl/include/openssl/evperr.h
+++ b/crypto/openssl/include/openssl/evperr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -160,6 +160,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
 # define EVP_R_INVALID_DIGEST                             152
 # define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_IV_LENGTH                          194
 # define EVP_R_INVALID_KEY                                163
 # define EVP_R_INVALID_KEY_LENGTH                         130
 # define EVP_R_INVALID_OPERATION                          148
diff --git a/crypto/openssl/include/openssl/lhash.h b/crypto/openssl/include/openssl/lhash.h
index 47b99d17fb8a1..2e42d727d4d66 100644
--- a/crypto/openssl/include/openssl/lhash.h
+++ b/crypto/openssl/include/openssl/lhash.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -120,9 +120,8 @@ void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
 
 # define DEFINE_LHASH_OF(type) \
     LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
-    static ossl_inline LHASH_OF(type) * \
-        lh_##type##_new(unsigned long (*hfn)(const type *), \
-                        int (*cfn)(const type *, const type *)) \
+    static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \
+                                                                   int (*cfn)(const type *, const type *)) \
     { \
         return (LHASH_OF(type) *) \
             OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
diff --git a/crypto/openssl/include/openssl/obj_mac.h b/crypto/openssl/include/openssl/obj_mac.h
index 47dafe48d0565..483fc0509e198 100644
--- a/crypto/openssl/include/openssl/obj_mac.h
+++ b/crypto/openssl/include/openssl/obj_mac.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/objects.pl
  *
- * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
@@ -1290,12 +1290,12 @@
 #define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
 
 #define SN_ms_smartcard_login           "msSmartcardLogin"
-#define LN_ms_smartcard_login           "Microsoft Smartcardlogin"
+#define LN_ms_smartcard_login           "Microsoft Smartcard Login"
 #define NID_ms_smartcard_login          648
 #define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
 
 #define SN_ms_upn               "msUPN"
-#define LN_ms_upn               "Microsoft Universal Principal Name"
+#define LN_ms_upn               "Microsoft User Principal Name"
 #define NID_ms_upn              649
 #define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
 
diff --git a/crypto/openssl/include/openssl/ocsp.h b/crypto/openssl/include/openssl/ocsp.h
index 8582fe1ee1a4d..4d759a49de438 100644
--- a/crypto/openssl/include/openssl/ocsp.h
+++ b/crypto/openssl/include/openssl/ocsp.h
@@ -123,7 +123,7 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
      (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
      bp,(char **)(x),cb,NULL)
 
-#  define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+#  define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\
      (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
      bp,(char **)(x),cb,NULL)
 
diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h
index b54524729ec9b..41f78b44ec9fd 100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1010104fL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1d-freebsd  10 Sep 2019"
+# define OPENSSL_VERSION_NUMBER  0x1010105fL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1e-freebsd  17 Mar 2020"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/crypto/openssl/include/openssl/ossl_typ.h b/crypto/openssl/include/openssl/ossl_typ.h
index 7993ca28f3da5..e0edfaaf47605 100644
--- a/crypto/openssl/include/openssl/ossl_typ.h
+++ b/crypto/openssl/include/openssl/ossl_typ.h
@@ -109,6 +109,7 @@ typedef struct dsa_method DSA_METHOD;
 
 typedef struct rsa_st RSA;
 typedef struct rsa_meth_st RSA_METHOD;
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
 
 typedef struct ec_key_st EC_KEY;
 typedef struct ec_key_method_st EC_KEY_METHOD;
diff --git a/crypto/openssl/include/openssl/randerr.h b/crypto/openssl/include/openssl/randerr.h
index 70d1a17a4c6bd..79d57905e3cb4 100644
--- a/crypto/openssl/include/openssl/randerr.h
+++ b/crypto/openssl/include/openssl/randerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,6 +21,7 @@ int ERR_load_RAND_strings(void);
 /*
  * RAND function codes.
  */
+# define RAND_F_DATA_COLLECT_METHOD                       127
 # define RAND_F_DRBG_BYTES                                101
 # define RAND_F_DRBG_GET_ENTROPY                          105
 # define RAND_F_DRBG_SETUP                                117
@@ -46,6 +47,7 @@ int ERR_load_RAND_strings(void);
 # define RAND_F_RAND_POOL_BYTES_NEEDED                    115
 # define RAND_F_RAND_POOL_GROW                            125
 # define RAND_F_RAND_POOL_NEW                             116
+# define RAND_F_RAND_PSEUDO_BYTES                         126
 # define RAND_F_RAND_WRITE_FILE                           112
 
 /*
diff --git a/crypto/openssl/include/openssl/rsa.h b/crypto/openssl/include/openssl/rsa.h
index cdce1264eb5cc..5e76365c0dfea 100644
--- a/crypto/openssl/include/openssl/rsa.h
+++ b/crypto/openssl/include/openssl/rsa.h
@@ -224,6 +224,7 @@ const BIGNUM *RSA_get0_q(const RSA *d);
 const BIGNUM *RSA_get0_dmp1(const RSA *r);
 const BIGNUM *RSA_get0_dmq1(const RSA *r);
 const BIGNUM *RSA_get0_iqmp(const RSA *r);
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
 void RSA_clear_flags(RSA *r, int flags);
 int RSA_test_flags(const RSA *r, int flags);
 void RSA_set_flags(RSA *r, int flags);
@@ -279,14 +280,14 @@ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
 
-typedef struct rsa_pss_params_st {
+struct rsa_pss_params_st {
     X509_ALGOR *hashAlgorithm;
     X509_ALGOR *maskGenAlgorithm;
     ASN1_INTEGER *saltLength;
     ASN1_INTEGER *trailerField;
     /* Decoded hash algorithm from maskGenAlgorithm */
     X509_ALGOR *maskHash;
-} RSA_PSS_PARAMS;
+};
 
 DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 
diff --git a/crypto/openssl/include/openssl/sslerr.h b/crypto/openssl/include/openssl/sslerr.h
index 3d6850dea36e2..0ef684f3c1319 100644
--- a/crypto/openssl/include/openssl/sslerr.h
+++ b/crypto/openssl/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -88,6 +88,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE       431
 # define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE    601
 # define SSL_F_OSSL_STATEM_SERVER_POST_WORK               602
+# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK                640
 # define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE         603
 # define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
 # define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION        604
@@ -733,6 +734,7 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
 # define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
+# define SSL_R_UNEXPECTED_EOF_WHILE_READING               294
 # define SSL_R_UNEXPECTED_MESSAGE                         244
 # define SSL_R_UNEXPECTED_RECORD                          245
 # define SSL_R_UNINITIALIZED                              276
diff --git a/crypto/openssl/ssl/bio_ssl.c b/crypto/openssl/ssl/bio_ssl.c
index d1876d8b8c1f4..ab9e6668cd57f 100644
--- a/crypto/openssl/ssl/bio_ssl.c
+++ b/crypto/openssl/ssl/bio_ssl.c
@@ -14,7 +14,7 @@
 #include <openssl/crypto.h>
 #include "internal/bio.h"
 #include <openssl/err.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
 static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
diff --git a/crypto/openssl/ssl/d1_lib.c b/crypto/openssl/ssl/d1_lib.c
index fcda32754735c..2a15ee8ad9654 100644
--- a/crypto/openssl/ssl/d1_lib.c
+++ b/crypto/openssl/ssl/d1_lib.c
@@ -11,7 +11,7 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include <openssl/rand.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 static void get_current_time(struct timeval *t);
 static int dtls1_handshake_write(SSL *s);
diff --git a/crypto/openssl/ssl/d1_msg.c b/crypto/openssl/ssl/d1_msg.c
index 6365b365e7f62..8a31064ae13f5 100644
--- a/crypto/openssl/ssl/d1_msg.c
+++ b/crypto/openssl/ssl/d1_msg.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
                                size_t *written)
diff --git a/crypto/openssl/ssl/d1_srtp.c b/crypto/openssl/ssl/d1_srtp.c
index ff8f0c5712df5..c05a77e34668c 100644
--- a/crypto/openssl/ssl/d1_srtp.c
+++ b/crypto/openssl/ssl/d1_srtp.c
@@ -15,7 +15,7 @@
 
 #include <stdio.h>
 #include <openssl/objects.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 #ifndef OPENSSL_NO_SRTP
 
diff --git a/crypto/openssl/ssl/methods.c b/crypto/openssl/ssl/methods.c
index 348efe467dbbc..c5e8898364cd7 100644
--- a/crypto/openssl/ssl/methods.c
+++ b/crypto/openssl/ssl/methods.c
@@ -9,7 +9,7 @@
 
 #include <stdio.h>
 #include <openssl/objects.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 /*-
  * TLS/SSLv3 methods
diff --git a/crypto/openssl/ssl/packet.c b/crypto/openssl/ssl/packet.c
index 95031430ed668..1ddde969f3b23 100644
--- a/crypto/openssl/ssl/packet.c
+++ b/crypto/openssl/ssl/packet.c
@@ -8,7 +8,7 @@
  */
 
 #include "internal/cryptlib.h"
-#include "packet_locl.h"
+#include "packet_local.h"
 #include <openssl/sslerr.h>
 
 #define DEFAULT_BUF_SIZE    256
diff --git a/crypto/openssl/ssl/packet_locl.h b/crypto/openssl/ssl/packet_local.h
index 860360b8b2317..1b6c2fb9bc3fa 100644
--- a/crypto/openssl/ssl/packet_locl.h
+++ b/crypto/openssl/ssl/packet_local.h
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_PACKET_LOCL_H
-# define HEADER_PACKET_LOCL_H
+#ifndef OSSL_SSL_PACKET_LOCAL_H
+# define OSSL_SSL_PACKET_LOCAL_H
 
 # include <string.h>
 # include <openssl/bn.h>
@@ -871,4 +871,4 @@ unsigned char *WPACKET_get_curr(WPACKET *pkt);
 /* Release resources in a WPACKET if a failure has occurred. */
 void WPACKET_cleanup(WPACKET *pkt);
 
-#endif                          /* HEADER_PACKET_LOCL_H */
+#endif                          /* OSSL_SSL_PACKET_LOCAL_H */
diff --git a/crypto/openssl/ssl/pqueue.c b/crypto/openssl/ssl/pqueue.c
index 548a7a443d914..758440217d451 100644
--- a/crypto/openssl/ssl/pqueue.c
+++ b/crypto/openssl/ssl/pqueue.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/bn.h>
 
 struct pqueue_st {
diff --git a/crypto/openssl/ssl/record/README b/crypto/openssl/ssl/record/README
index 987e9fd305d94..630fe8027af18 100644
--- a/crypto/openssl/ssl/record/README
+++ b/crypto/openssl/ssl/record/README
@@ -12,7 +12,7 @@ of these components is defined by:
 3) A set of accessor macros
 
 All struct definitions are in record.h. The functions and macros are either
-defined in record.h or record_locl.h dependent on whether they are intended to
+defined in record.h or record_local.h dependent on whether they are intended to
 be private to the record layer, or whether they form part of the API to the rest
 of libssl.
 
@@ -55,7 +55,7 @@ Conceptually it looks like this:
                    || rec_layer_d1.c     ||
                    ||____________________||
                    |______________________|
-        record_locl.h     ^   ^   ^
+        record_local.h     ^   ^   ^
          _________________|   |   |_________________
         |                     |                     |
    _____V_________      ______V________      _______V________
diff --git a/crypto/openssl/ssl/record/dtls1_bitmap.c b/crypto/openssl/ssl/record/dtls1_bitmap.c
index 5923c53717c9d..8167b41834045 100644
--- a/crypto/openssl/ssl/record/dtls1_bitmap.c
+++ b/crypto/openssl/ssl/record/dtls1_bitmap.c
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "../ssl_locl.h"
-#include "record_locl.h"
+#include "../ssl_local.h"
+#include "record_local.h"
 
 /* mod 128 saturating subtract of two 64-bit values in big-endian order */
 static int satsub64be(const unsigned char *v1, const unsigned char *v2)
diff --git a/crypto/openssl/ssl/record/rec_layer_d1.c b/crypto/openssl/ssl/record/rec_layer_d1.c
index cb5d54ef5a8f4..73ca8a6ee4b97 100644
--- a/crypto/openssl/ssl/record/rec_layer_d1.c
+++ b/crypto/openssl/ssl/record/rec_layer_d1.c
@@ -9,11 +9,11 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "../ssl_locl.h"
+#include "../ssl_local.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
-#include "record_locl.h"
-#include "../packet_locl.h"
+#include "record_local.h"
+#include "../packet_local.h"
 #include "internal/cryptlib.h"
 
 int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
diff --git a/crypto/openssl/ssl/record/rec_layer_s3.c b/crypto/openssl/ssl/record/rec_layer_s3.c
index 982a06089c116..1c885a664f35e 100644
--- a/crypto/openssl/ssl/record/rec_layer_s3.c
+++ b/crypto/openssl/ssl/record/rec_layer_s3.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,15 +10,15 @@
 #include <stdio.h>
 #include <limits.h>
 #include <errno.h>
-#include "../ssl_locl.h"
+#include "../ssl_local.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
-#include "record_locl.h"
-#include "../packet_locl.h"
+#include "record_local.h"
+#include "../packet_local.h"
 
 #if     defined(OPENSSL_SMALL_FOOTPRINT) || \
-        !(      defined(AES_ASM) &&     ( \
+        !(      defined(AESNI_ASM) &&   ( \
                 defined(__x86_64)       || defined(__x86_64__)  || \
                 defined(_M_AMD64)       || defined(_M_X64)      ) \
         )
@@ -296,6 +296,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
             ret = BIO_read(s->rbio, pkt + len + left, max - left);
             if (ret >= 0)
                 bioread = ret;
+            if (ret <= 0
+                    && !BIO_should_retry(s->rbio)
+                    && BIO_eof(s->rbio)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
+                         SSL_R_UNEXPECTED_EOF_WHILE_READING);
+            }
         } else {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
                      SSL_R_READ_BIO_NOT_SET);
diff --git a/crypto/openssl/ssl/record/record_locl.h b/crypto/openssl/ssl/record/record_local.h
index 5e8dd7f704420..5e8dd7f704420 100644
--- a/crypto/openssl/ssl/record/record_locl.h
+++ b/crypto/openssl/ssl/record/record_local.h
diff --git a/crypto/openssl/ssl/record/ssl3_buffer.c b/crypto/openssl/ssl/record/ssl3_buffer.c
index 53bd4cb190d0e..605f8f9b75be8 100644
--- a/crypto/openssl/ssl/record/ssl3_buffer.c
+++ b/crypto/openssl/ssl/record/ssl3_buffer.c
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "../ssl_locl.h"
-#include "record_locl.h"
+#include "../ssl_local.h"
+#include "record_local.h"
 
 void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
 {
diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c
index e59ac5a676761..ab5d22aa10cb1 100644
--- a/crypto/openssl/ssl/record/ssl3_record.c
+++ b/crypto/openssl/ssl/record/ssl3_record.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,10 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "../ssl_locl.h"
-#include "internal/constant_time_locl.h"
+#include "../ssl_local.h"
+#include "internal/constant_time.h"
 #include <openssl/rand.h>
-#include "record_locl.h"
+#include "record_local.h"
 #include "internal/cryptlib.h"
 
 static const unsigned char ssl3_pad_1[48] = {
@@ -559,7 +559,7 @@ int ssl3_get_record(SSL *s)
             RECORD_LAYER_reset_read_sequence(&s->rlayer);
             return 1;
         }
-        SSLfatal(s, SSL_AD_DECRYPTION_FAILED, SSL_F_SSL3_GET_RECORD,
+        SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
                  SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
         return -1;
     }
@@ -837,7 +837,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
  * SSLfatal() for internal errors, but not otherwise.
  *
  * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *   0: (in non-constant time) if the record is publicly invalid (i.e. too
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding is invalid or, if sending, an internal error
@@ -928,7 +928,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
  * internal errors, but not otherwise.
  *
  * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *   0: (in non-constant time) if the record is publicly invalid (i.e. too
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
@@ -1075,7 +1075,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
             } else if ((bs != 1) && sending) {
                 padnum = bs - (reclen[ctr] % bs);
 
-                /* Add weird padding of upto 256 bytes */
+                /* Add weird padding of up to 256 bytes */
 
                 if (padnum > MAX_PADDING) {
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
@@ -1610,6 +1610,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
     int imac_size;
     size_t mac_size;
     unsigned char md[EVP_MAX_MD_SIZE];
+    size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
 
     rr = RECORD_LAYER_get_rrec(&s->rlayer);
     sess = s->session;
@@ -1669,7 +1670,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
     enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
     /*-
      * enc_err is:
-     *    0: (in non-constant time) if the record is publically invalid.
+     *    0: (in non-constant time) if the record is publicly invalid.
      *    1: if the padding is valid
      *   -1: if the padding is invalid
      */
@@ -1782,7 +1783,12 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
         }
     }
 
-    if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+    /* use current Max Fragment Length setting if applicable */
+    if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
+        max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session);
+
+    /* send overflow if the plaintext is too long now it has passed MAC */
+    if (rr->length > max_plain_length) {
         SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
                  SSL_R_DATA_LENGTH_TOO_LONG);
         return 0;
@@ -1926,7 +1932,7 @@ int dtls1_get_record(SSL *s)
 
         /* If received packet overflows own-client Max Fragment Length setting */
         if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
-                && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
+                && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) {
             /* record too long, silently discard it */
             rr->length = 0;
             rr->read = 1;
diff --git a/crypto/openssl/ssl/record/ssl3_record_tls13.c b/crypto/openssl/ssl/record/ssl3_record_tls13.c
index a11ed483e6682..ab50e3762499e 100644
--- a/crypto/openssl/ssl/record/ssl3_record_tls13.c
+++ b/crypto/openssl/ssl/record/ssl3_record_tls13.c
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "../ssl_locl.h"
-#include "record_locl.h"
+#include "../ssl_local.h"
+#include "record_local.h"
 #include "internal/cryptlib.h"
 
 /*-
@@ -16,7 +16,7 @@
  * internal errors, but not otherwise.
  *
  * Returns:
- *    0: (in non-constant time) if the record is publically invalid (i.e. too
+ *    0: (in non-constant time) if the record is publicly invalid (i.e. too
  *        short etc).
  *    1: if the record encryption was successful.
  *   -1: if the record's AEAD-authenticator is invalid or, if sending,
diff --git a/crypto/openssl/ssl/s3_cbc.c b/crypto/openssl/ssl/s3_cbc.c
index 8377d7fe13dcb..aa7d63f84a9f3 100644
--- a/crypto/openssl/ssl/s3_cbc.c
+++ b/crypto/openssl/ssl/s3_cbc.c
@@ -7,8 +7,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "internal/constant_time_locl.h"
-#include "ssl_locl.h"
+#include "internal/constant_time.h"
+#include "ssl_local.h"
 #include "internal/cryptlib.h"
 
 #include <openssl/md5.h>
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 2e185e9fba9af..8a89f512fe608 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -9,7 +9,7 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/evp.h>
 #include <openssl/md5.h>
 #include "internal/cryptlib.h"
diff --git a/crypto/openssl/ssl/s3_lib.c b/crypto/openssl/ssl/s3_lib.c
index 066bf47221e25..a987604bcd0e6 100644
--- a/crypto/openssl/ssl/s3_lib.c
+++ b/crypto/openssl/ssl/s3_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -12,7 +12,7 @@
 #include <stdio.h>
 #include <openssl/objects.h>
 #include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/md5.h>
 #include <openssl/dh.h>
 #include <openssl/rand.h>
@@ -4639,7 +4639,7 @@ int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
         OPENSSL_clear_free(s->s3->tmp.psk, psklen);
         s->s3->tmp.psk = NULL;
         if (!s->method->ssl3_enc->generate_master_secret(s,
-                    s->session->master_key,pskpms, pskpmslen,
+                    s->session->master_key, pskpms, pskpmslen,
                     &s->session->master_key_length)) {
             OPENSSL_clear_free(pskpms, pskpmslen);
             /* SSLfatal() already called */
diff --git a/crypto/openssl/ssl/s3_msg.c b/crypto/openssl/ssl/s3_msg.c
index 42382547fb2ab..339fb2774a633 100644
--- a/crypto/openssl/ssl/s3_msg.c
+++ b/crypto/openssl/ssl/s3_msg.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 int ssl3_do_change_cipher_spec(SSL *s)
 {
diff --git a/crypto/openssl/ssl/ssl_asn1.c b/crypto/openssl/ssl/ssl_asn1.c
index b56c5e96c5301..799fee771ba51 100644
--- a/crypto/openssl/ssl/ssl_asn1.c
+++ b/crypto/openssl/ssl/ssl_asn1.c
@@ -10,7 +10,7 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
diff --git a/crypto/openssl/ssl/ssl_cert.c b/crypto/openssl/ssl/ssl_cert.c
index 9df9fb96778d5..5d3e83f328974 100644
--- a/crypto/openssl/ssl/ssl_cert.c
+++ b/crypto/openssl/ssl/ssl_cert.c
@@ -20,7 +20,7 @@
 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include "internal/refcount.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "ssl_cert_table.h"
 #include "internal/thread_once.h"
 
@@ -601,14 +601,6 @@ static unsigned long xname_hash(const X509_NAME *a)
     return X509_NAME_hash((X509_NAME *)a);
 }
 
-/**
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 {
     BIO *in = BIO_new(BIO_s_file());
@@ -666,15 +658,6 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
     return ret;
 }
 
-/**
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file)
 {
@@ -725,17 +708,6 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
     return ret;
 }
 
-/**
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir)
 {
diff --git a/crypto/openssl/ssl/ssl_ciph.c b/crypto/openssl/ssl/ssl_ciph.c
index 27a1b2ec68b3d..735a483c64486 100644
--- a/crypto/openssl/ssl/ssl_ciph.c
+++ b/crypto/openssl/ssl/ssl_ciph.c
@@ -17,7 +17,7 @@
 #include <openssl/crypto.h>
 #include <openssl/conf.h>
 #include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "internal/thread_once.h"
 #include "internal/cryptlib.h"
 
@@ -92,7 +92,7 @@ static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
 
 /*
  * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
- * in the ssl_locl.h
+ * in the ssl_local.h
  */
 
 #define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
diff --git a/crypto/openssl/ssl/ssl_conf.c b/crypto/openssl/ssl/ssl_conf.c
index 9c202708d7d9d..8ef29bb345353 100644
--- a/crypto/openssl/ssl/ssl_conf.c
+++ b/crypto/openssl/ssl/ssl_conf.c
@@ -8,7 +8,7 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/conf.h>
 #include <openssl/objects.h>
 #include <openssl/dh.h>
diff --git a/crypto/openssl/ssl/ssl_err.c b/crypto/openssl/ssl/ssl_err.c
index 4b12ed1485d98..a0c7b79659d4d 100644
--- a/crypto/openssl/ssl/ssl_err.c
+++ b/crypto/openssl/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1205,6 +1205,8 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     "unexpected ccs message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
     "unexpected end of early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
+    "unexpected eof while reading"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
diff --git a/crypto/openssl/ssl/ssl_init.c b/crypto/openssl/ssl/ssl_init.c
index f0969fa9b1afa..d083d9597091a 100644
--- a/crypto/openssl/ssl/ssl_init.c
+++ b/crypto/openssl/ssl/ssl_init.c
@@ -12,7 +12,7 @@
 #include "internal/err.h"
 #include <openssl/crypto.h>
 #include <openssl/evp.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "internal/thread_once.h"
 
 static int stopped;
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index ac820cf9fe160..7c7e59789ccdc 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -10,7 +10,7 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/objects.h>
 #include <openssl/x509v3.h>
 #include <openssl/rand.h>
@@ -2623,31 +2623,85 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
     return buf;
 }
 
-/** return a servername extension value if provided in Client Hello, or NULL.
- * So far, only host_name types are defined (RFC 3546).
+/**
+ * Return the requested servername (SNI) value. Note that the behaviour varies
+ * depending on:
+ * - whether this is called by the client or the server,
+ * - if we are before or during/after the handshake,
+ * - if a resumption or normal handshake is being attempted/has occurred
+ * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
+ * 
+ * Note that only the host_name type is defined (RFC 3546).
  */
-
 const char *SSL_get_servername(const SSL *s, const int type)
 {
+    /*
+     * If we don't know if we are the client or the server yet then we assume
+     * client.
+     */
+    int server = s->handshake_func == NULL ? 0 : s->server;
     if (type != TLSEXT_NAMETYPE_host_name)
         return NULL;
 
-    /*
-     * SNI is not negotiated in pre-TLS-1.3 resumption flows, so fake up an
-     * SNI value to return if we are resuming/resumed.  N.B. that we still
-     * call the relevant callbacks for such resumption flows, and callbacks
-     * might error out if there is not a SNI value available.
-     */
-    if (s->hit)
-        return s->session->ext.hostname;
+    if (server) {
+        /**
+         * Server side
+         * In TLSv1.3 on the server SNI is not associated with the session
+         * but in TLSv1.2 or below it is.
+         *
+         * Before the handshake:
+         *  - return NULL
+         *
+         * During/after the handshake (TLSv1.2 or below resumption occurred):
+         * - If a servername was accepted by the server in the original
+         *   handshake then it will return that servername, or NULL otherwise.
+         *
+         * During/after the handshake (TLSv1.2 or below resumption did not occur):
+         * - The function will return the servername requested by the client in
+         *   this handshake or NULL if none was requested.
+         */
+         if (s->hit && !SSL_IS_TLS13(s))
+            return s->session->ext.hostname;
+    } else {
+        /**
+         * Client side
+         *
+         * Before the handshake:
+         *  - If a servername has been set via a call to
+         *    SSL_set_tlsext_host_name() then it will return that servername
+         *  - If one has not been set, but a TLSv1.2 resumption is being
+         *    attempted and the session from the original handshake had a
+         *    servername accepted by the server then it will return that
+         *    servername
+         *  - Otherwise it returns NULL
+         *
+         * During/after the handshake (TLSv1.2 or below resumption occurred):
+         * - If the session from the orignal handshake had a servername accepted
+         *   by the server then it will return that servername.
+         * - Otherwise it returns the servername set via
+         *   SSL_set_tlsext_host_name() (or NULL if it was not called).
+         *
+         * During/after the handshake (TLSv1.2 or below resumption did not occur):
+         * - It will return the servername set via SSL_set_tlsext_host_name()
+         *   (or NULL if it was not called).
+         */
+        if (SSL_in_before(s)) {
+            if (s->ext.hostname == NULL
+                    && s->session != NULL
+                    && s->session->ssl_version != TLS1_3_VERSION)
+                return s->session->ext.hostname;
+        } else {
+            if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
+                return s->session->ext.hostname;
+        }
+    }
+
     return s->ext.hostname;
 }
 
 int SSL_get_servername_type(const SSL *s)
 {
-    if (s->session
-        && (!s->ext.hostname ? s->session->
-            ext.hostname : s->ext.hostname))
+    if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
         return TLSEXT_NAMETYPE_host_name;
     return -1;
 }
diff --git a/crypto/openssl/ssl/ssl_locl.h b/crypto/openssl/ssl/ssl_local.h
index 25875c9f6d464..8ddbde7729651 100644
--- a/crypto/openssl/ssl/ssl_locl.h
+++ b/crypto/openssl/ssl/ssl_local.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -9,8 +9,8 @@
  * https://www.openssl.org/source/license.html
  */
 
-#ifndef HEADER_SSL_LOCL_H
-# define HEADER_SSL_LOCL_H
+#ifndef OSSL_SSL_LOCAL_H
+# define OSSL_SSL_LOCAL_H
 
 # include "e_os.h"              /* struct timeval for DTLS */
 # include <stdlib.h>
@@ -30,7 +30,7 @@
 # include <openssl/ct.h>
 # include "record/record.h"
 # include "statem/statem.h"
-# include "packet_locl.h"
+# include "packet_local.h"
 # include "internal/dane.h"
 # include "internal/refcount.h"
 # include "internal/tsan_assist.h"
@@ -2581,7 +2581,7 @@ __owur int tls_check_sigalg_curve(const SSL *s, int curve);
 #  endif
 __owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
 __owur int ssl_set_client_disabled(SSL *s);
-__owur int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int echde);
+__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
 
 __owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
                                  size_t *hashlen);
diff --git a/crypto/openssl/ssl/ssl_mcnf.c b/crypto/openssl/ssl/ssl_mcnf.c
index a0e2657714491..583df41669086 100644
--- a/crypto/openssl/ssl/ssl_mcnf.c
+++ b/crypto/openssl/ssl/ssl_mcnf.c
@@ -10,7 +10,7 @@
 #include <stdio.h>
 #include <openssl/conf.h>
 #include <openssl/ssl.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "internal/sslconf.h"
 
 /* SSL library configuration module. */
diff --git a/crypto/openssl/ssl/ssl_rsa.c b/crypto/openssl/ssl/ssl_rsa.c
index 172e15f920874..b9693527b3d2c 100644
--- a/crypto/openssl/ssl/ssl_rsa.c
+++ b/crypto/openssl/ssl/ssl_rsa.c
@@ -8,8 +8,8 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
-#include "packet_locl.h"
+#include "ssl_local.h"
+#include "packet_local.h"
 #include <openssl/bio.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
diff --git a/crypto/openssl/ssl/ssl_sess.c b/crypto/openssl/ssl/ssl_sess.c
index 52cfa7ef6d7f0..40c157bb42f83 100644
--- a/crypto/openssl/ssl/ssl_sess.c
+++ b/crypto/openssl/ssl/ssl_sess.c
@@ -13,8 +13,8 @@
 #include <openssl/engine.h>
 #include "internal/refcount.h"
 #include "internal/cryptlib.h"
-#include "ssl_locl.h"
-#include "statem/statem_locl.h"
+#include "ssl_local.h"
+#include "statem/statem_local.h"
 
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
diff --git a/crypto/openssl/ssl/ssl_stat.c b/crypto/openssl/ssl/ssl_stat.c
index 179513b1a3d0c..ca51c0331c228 100644
--- a/crypto/openssl/ssl/ssl_stat.c
+++ b/crypto/openssl/ssl/ssl_stat.c
@@ -9,7 +9,7 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 const char *SSL_state_string_long(const SSL *s)
 {
diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c
index cf6e4c3c05799..457bc8b3c20a9 100644
--- a/crypto/openssl/ssl/ssl_txt.c
+++ b/crypto/openssl/ssl/ssl_txt.c
@@ -10,7 +10,7 @@
 
 #include <stdio.h>
 #include <openssl/buffer.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 #ifndef OPENSSL_NO_STDIO
 int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
diff --git a/crypto/openssl/ssl/ssl_utst.c b/crypto/openssl/ssl/ssl_utst.c
index cea1bc2707a83..487f56e539351 100644
--- a/crypto/openssl/ssl/ssl_utst.c
+++ b/crypto/openssl/ssl/ssl_utst.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 #ifndef OPENSSL_NO_UNIT_TEST
 
diff --git a/crypto/openssl/ssl/statem/README b/crypto/openssl/ssl/statem/README
index 145c69db8d54c..86cc066372911 100644
--- a/crypto/openssl/ssl/statem/README
+++ b/crypto/openssl/ssl/statem/README
@@ -40,7 +40,7 @@ Conceptually the state machine component is designed as follows:
                    |                            |
                    |    Core state machine code |
                    |____________________________|
-        statem_locl.h     ^          ^
+        statem_local.h     ^          ^
                  _________|          |_______
                 |                            |
    _____________|____________   _____________|____________
diff --git a/crypto/openssl/ssl/statem/extensions.c b/crypto/openssl/ssl/statem/extensions.c
index 24410991b2999..4ef8b417b8207 100644
--- a/crypto/openssl/ssl/statem/extensions.c
+++ b/crypto/openssl/ssl/statem/extensions.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -10,8 +10,8 @@
 #include <string.h>
 #include "internal/nelem.h"
 #include "internal/cryptlib.h"
-#include "../ssl_locl.h"
-#include "statem_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
 #include "internal/cryptlib.h"
 
 static int final_renegotiate(SSL *s, unsigned int context, int sent);
@@ -94,7 +94,7 @@ typedef struct extensions_definition_st {
 /*
  * Definitions of all built-in extensions. NOTE: Changes in the number or order
  * of these extensions should be mirrored with equivalent changes to the
- * indexes ( TLSEXT_IDX_* ) defined in ssl_locl.h.
+ * indexes ( TLSEXT_IDX_* ) defined in ssl_local.h.
  * Each extension has an initialiser, a client and
  * server side parser and a finaliser. The initialiser is called (if the
  * extension is relevant to the given context) even if we did not see the
@@ -949,8 +949,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
      * was successful.
      */
     if (s->server) {
-        /* TODO(OpenSSL1.2) revisit !sent case */
-        if (sent && ret == SSL_TLSEXT_ERR_OK && (!s->hit || SSL_IS_TLS13(s))) {
+        if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) {
             /* Only store the hostname in the session if we accepted it. */
             OPENSSL_free(s->session->ext.hostname);
             s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
@@ -1011,6 +1010,7 @@ static int final_server_name(SSL *s, unsigned int context, int sent)
         /* TLSv1.3 doesn't have warning alerts so we suppress this */
         if (!SSL_IS_TLS13(s))
             ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        s->servername_done = 0;
         return 1;
 
     case SSL_TLSEXT_ERR_NOACK:
@@ -1449,7 +1449,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
     unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
     unsigned char *early_secret;
 #ifdef CHARSET_EBCDIC
-    static const unsigned char resumption_label[] = { 0x72, 0x65, 0x64, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
+    static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
     static const unsigned char external_label[]   = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
 #else
     static const unsigned char resumption_label[] = "res binder";
diff --git a/crypto/openssl/ssl/statem/extensions_clnt.c b/crypto/openssl/ssl/statem/extensions_clnt.c
index f0ae642fa0985..bcce0f1d9534b 100644
--- a/crypto/openssl/ssl/statem/extensions_clnt.c
+++ b/crypto/openssl/ssl/statem/extensions_clnt.c
@@ -8,9 +8,9 @@
  */
 
 #include <openssl/ocsp.h>
-#include "../ssl_locl.h"
+#include "../ssl_local.h"
 #include "internal/cryptlib.h"
-#include "statem_locl.h"
+#include "statem_local.h"
 
 EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
                                           unsigned int context, X509 *x,
diff --git a/crypto/openssl/ssl/statem/extensions_cust.c b/crypto/openssl/ssl/statem/extensions_cust.c
index a4cdc81d68b92..a0ba18efa7047 100644
--- a/crypto/openssl/ssl/statem/extensions_cust.c
+++ b/crypto/openssl/ssl/statem/extensions_cust.c
@@ -10,9 +10,9 @@
 /* Custom extension utility functions */
 
 #include <openssl/ct.h>
-#include "../ssl_locl.h"
+#include "../ssl_local.h"
 #include "internal/cryptlib.h"
-#include "statem_locl.h"
+#include "statem_local.h"
 
 typedef struct {
     void *add_arg;
diff --git a/crypto/openssl/ssl/statem/extensions_srvr.c b/crypto/openssl/ssl/statem/extensions_srvr.c
index ab5453f63eccd..3b07c6b940f4b 100644
--- a/crypto/openssl/ssl/statem/extensions_srvr.c
+++ b/crypto/openssl/ssl/statem/extensions_srvr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,8 +8,8 @@
  */
 
 #include <openssl/ocsp.h>
-#include "../ssl_locl.h"
-#include "statem_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
 #include "internal/cryptlib.h"
 
 #define COOKIE_STATE_FORMAT_VERSION     0
@@ -127,6 +127,10 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
         return 0;
     }
 
+    /*
+     * In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3
+     * we always use the SNI value from the handshake.
+     */
     if (!s->hit || SSL_IS_TLS13(s)) {
         if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
             SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
@@ -155,8 +159,12 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
         }
 
         s->servername_done = 1;
-    }
-    if (s->hit) {
+    } else {
+        /*
+         * In TLSv1.2 and below we should check if the SNI is consistent between
+         * the initial handshake and the resumption. In TLSv1.3 SNI is not
+         * associated with the session.
+         */
         /*
          * TODO(openssl-team): if the SNI doesn't match, we MUST
          * fall back to a full handshake.
@@ -164,9 +172,6 @@ int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
         s->servername_done = (s->session->ext.hostname != NULL)
             && PACKET_equal(&hostname, s->session->ext.hostname,
                             strlen(s->session->ext.hostname));
-
-        if (!s->servername_done && s->session->ext.hostname != NULL)
-            s->ext.early_data_ok = 0;
     }
 
     return 1;
@@ -1330,8 +1335,14 @@ EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
                                           unsigned int context, X509 *x,
                                           size_t chainidx)
 {
-    if (s->hit || s->servername_done != 1
-            || s->ext.hostname == NULL)
+    if (s->servername_done != 1)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming.
+     * We just use the servername from the initial handshake.
+     */
+    if (s->hit && !SSL_IS_TLS13(s))
         return EXT_RETURN_NOT_SENT;
 
     if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
diff --git a/crypto/openssl/ssl/statem/statem.c b/crypto/openssl/ssl/statem/statem.c
index e3c5ec003874b..20f5bd584e6c5 100644
--- a/crypto/openssl/ssl/statem/statem.c
+++ b/crypto/openssl/ssl/statem/statem.c
@@ -9,8 +9,8 @@
 
 #include "internal/cryptlib.h"
 #include <openssl/rand.h>
-#include "../ssl_locl.h"
-#include "statem_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
 #include <assert.h>
 
 /*
diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c
index 6410414fb64a6..64e392cfbfc77 100644
--- a/crypto/openssl/ssl/statem/statem_clnt.c
+++ b/crypto/openssl/ssl/statem/statem_clnt.c
@@ -12,8 +12,8 @@
 #include <stdio.h>
 #include <time.h>
 #include <assert.h>
-#include "../ssl_locl.h"
-#include "statem_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
 #include <openssl/objects.h>
diff --git a/crypto/openssl/ssl/statem/statem_dtls.c b/crypto/openssl/ssl/statem/statem_dtls.c
index b016fa7cff74e..8e3fb686ee272 100644
--- a/crypto/openssl/ssl/statem/statem_dtls.c
+++ b/crypto/openssl/ssl/statem/statem_dtls.c
@@ -10,8 +10,8 @@
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
-#include "../ssl_locl.h"
-#include "statem_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
diff --git a/crypto/openssl/ssl/statem/statem_lib.c b/crypto/openssl/ssl/statem/statem_lib.c
index 22e9f0490e2d9..43d6fd5de941b 100644
--- a/crypto/openssl/ssl/statem/statem_lib.c
+++ b/crypto/openssl/ssl/statem/statem_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -11,8 +11,8 @@
 #include <limits.h>
 #include <string.h>
 #include <stdio.h>
-#include "../ssl_locl.h"
-#include "statem_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/objects.h>
@@ -169,17 +169,17 @@ static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
                                     void **hdata, size_t *hdatalen)
 {
 #ifdef CHARSET_EBCDIC
-    static const char *servercontext = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
+    static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
      0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65,
      0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72,
      0x69, 0x66, 0x79, 0x00 };
-    static const char *clientcontext = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
+    static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
      0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65,
      0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72,
      0x69, 0x66, 0x79, 0x00 };
 #else
-    static const char *servercontext = "TLS 1.3, server CertificateVerify";
-    static const char *clientcontext = "TLS 1.3, client CertificateVerify";
+    static const char servercontext[] = "TLS 1.3, server CertificateVerify";
+    static const char clientcontext[] = "TLS 1.3, client CertificateVerify";
 #endif
     if (SSL_IS_TLS13(s)) {
         size_t hashlen;
@@ -844,9 +844,11 @@ MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
                 return MSG_PROCESS_ERROR;
             }
         } else {
+            /* TLS 1.3 gets the secret size from the handshake md */
+            size_t dummy;
             if (!s->method->ssl3_enc->generate_master_secret(s,
                     s->master_secret, s->handshake_secret, 0,
-                    &s->session->master_key_length)) {
+                    &dummy)) {
                 /* SSLfatal() already called */
                 return MSG_PROCESS_ERROR;
             }
@@ -1033,14 +1035,25 @@ WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
     int cleanuphand = s->statem.cleanuphand;
 
     if (clearbufs) {
-        if (!SSL_IS_DTLS(s)) {
+        if (!SSL_IS_DTLS(s)
+#ifndef OPENSSL_NO_SCTP
             /*
-             * We don't do this in DTLS because we may still need the init_buf
+             * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
+             * messages that require it. Therefore, DTLS procedures for retransmissions
+             * MUST NOT be used.
+             * Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
+             */
+            || BIO_dgram_is_sctp(SSL_get_wbio(s))
+#endif
+            ) {
+            /*
+             * We don't do this in DTLS over UDP because we may still need the init_buf
              * in case there are any unexpected retransmits
              */
             BUF_MEM_free(s->init_buf);
             s->init_buf = NULL;
         }
+
         if (!ssl_free_wbio_buffer(s)) {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE,
                      ERR_R_INTERNAL_ERROR);
diff --git a/crypto/openssl/ssl/statem/statem_locl.h b/crypto/openssl/ssl/statem/statem_local.h
index e27c0c13a2bbd..e27c0c13a2bbd 100644
--- a/crypto/openssl/ssl/statem/statem_locl.h
+++ b/crypto/openssl/ssl/statem/statem_local.h
diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c
index 8cf9c40d15c00..14cb27e6db010 100644
--- a/crypto/openssl/ssl/statem/statem_srvr.c
+++ b/crypto/openssl/ssl/statem/statem_srvr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -10,9 +10,9 @@
  */
 
 #include <stdio.h>
-#include "../ssl_locl.h"
-#include "statem_locl.h"
-#include "internal/constant_time_locl.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/constant_time.h"
 #include "internal/cryptlib.h"
 #include <openssl/buffer.h>
 #include <openssl/rand.h>
@@ -23,9 +23,24 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include <openssl/md5.h>
+#include <openssl/asn1t.h>
 
 #define TICKET_NONCE_SIZE       8
 
+typedef struct {
+  ASN1_TYPE *kxBlob;
+  ASN1_TYPE *opaqueBlob;
+} GOST_KX_MESSAGE;
+
+DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
+
+ASN1_SEQUENCE(GOST_KX_MESSAGE) = {
+  ASN1_SIMPLE(GOST_KX_MESSAGE,  kxBlob, ASN1_ANY),
+  ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY),
+} ASN1_SEQUENCE_END(GOST_KX_MESSAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
+
 static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
 
 /*
@@ -728,7 +743,15 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
     case TLS_ST_SW_CHANGE:
         if (SSL_IS_TLS13(s))
             break;
-        s->session->cipher = s->s3->tmp.new_cipher;
+        /* Writes to s->session are only safe for initial handshakes */
+        if (s->session->cipher == NULL) {
+            s->session->cipher = s->s3->tmp.new_cipher;
+        } else if (s->session->cipher != s->s3->tmp.new_cipher) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_OSSL_STATEM_SERVER_PRE_WORK,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
         if (!s->method->ssl3_enc->setup_key_block(s)) {
             /* SSLfatal() already called */
             return WORK_ERROR;
@@ -932,9 +955,11 @@ WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
         }
 #endif
         if (SSL_IS_TLS13(s)) {
+            /* TLS 1.3 gets the secret size from the handshake md */
+            size_t dummy;
             if (!s->method->ssl3_enc->generate_master_secret(s,
                         s->master_secret, s->handshake_secret, 0,
-                        &s->session->master_key_length)
+                        &dummy)
                 || !s->method->ssl3_enc->change_cipher_state(s,
                         SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
             /* SSLfatal() already called */
@@ -3320,9 +3345,9 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
     const unsigned char *start;
     size_t outlen = 32, inlen;
     unsigned long alg_a;
-    unsigned int asn1id, asn1len;
+    GOST_KX_MESSAGE *pKX = NULL;
+    const unsigned char *ptr;
     int ret = 0;
-    PACKET encdata;
 
     /* Get our certificate private key */
     alg_a = s->s3->tmp.new_cipher->algorithm_auth;
@@ -3363,42 +3388,33 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
         if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
             ERR_clear_error();
     }
-    /* Decrypt session key */
-    if (!PACKET_get_1(pkt, &asn1id)
-            || asn1id != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
-            || !PACKET_peek_1(pkt, &asn1len)) {
-        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
-                 SSL_R_DECRYPTION_FAILED);
-        goto err;
+
+    ptr = PACKET_data(pkt);
+    /* Some implementations provide extra data in the opaqueBlob
+     * We have nothing to do with this blob so we just skip it */
+    pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt));
+    if (pKX == NULL
+       || pKX->kxBlob == NULL
+       || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) {
+         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                  SSL_R_DECRYPTION_FAILED);
+         goto err;
     }
-    if (asn1len == 0x81) {
-        /*
-         * Long form length. Should only be one byte of length. Anything else
-         * isn't supported.
-         * We did a successful peek before so this shouldn't fail
-         */
-        if (!PACKET_forward(pkt, 1)) {
-            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
-                     SSL_R_DECRYPTION_FAILED);
-            goto err;
-        }
-    } else  if (asn1len >= 0x80) {
-        /*
-         * Indefinite length, or more than one long form length bytes. We don't
-         * support it
-         */
-        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+
+    if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
                  SSL_R_DECRYPTION_FAILED);
         goto err;
-    } /* else short form length */
+    }
 
-    if (!PACKET_as_length_prefixed_1(pkt, &encdata)) {
-        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
                  SSL_R_DECRYPTION_FAILED);
         goto err;
     }
-    inlen = PACKET_remaining(&encdata);
-    start = PACKET_data(&encdata);
+
+    inlen = pKX->kxBlob->value.sequence->length;
+    start = pKX->kxBlob->value.sequence->data;
 
     if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
                          inlen) <= 0) {
@@ -3420,6 +3436,7 @@ static int tls_process_cke_gost(SSL *s, PACKET *pkt)
     ret = 1;
  err:
     EVP_PKEY_CTX_free(pkey_ctx);
+    GOST_KX_MESSAGE_free(pKX);
     return ret;
 #else
     /* Should never happen */
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index 57fb17a66031b..c85c0b0310e15 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -9,7 +9,7 @@
  */
 
 #include <stdio.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/comp.h>
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
@@ -466,7 +466,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
         unsigned char hash[EVP_MAX_MD_SIZE * 2];
         size_t hashlen;
         /*
-         * Digest cached records keeping record buffer (if present): this wont
+         * Digest cached records keeping record buffer (if present): this won't
          * affect client auth because we're freezing the buffer at the same
          * point (after client key exchange and before certificate verify)
          */
diff --git a/crypto/openssl/ssl/t1_lib.c b/crypto/openssl/ssl/t1_lib.c
index b482019c4c17f..a254fd5a05591 100644
--- a/crypto/openssl/ssl/t1_lib.c
+++ b/crypto/openssl/ssl/t1_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -18,10 +18,11 @@
 #include <openssl/dh.h>
 #include <openssl/bn.h>
 #include "internal/nelem.h"
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include <openssl/ct.h>
 
 static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
 
 SSL3_ENC_METHOD const TLSv1_enc_data = {
     tls1_enc,
@@ -849,8 +850,11 @@ static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
 }
 
 /*
- * Return a signature algorithm for TLS < 1.2 where the signature type
- * is fixed by the certificate type.
+ * Returns a signature algorithm when the peer did not send a list of supported
+ * signature algorithms. The signature algorithm is fixed for the certificate
+ * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
+ * certificate type from |s| will be used.
+ * Returns the signature algorithm to use, or NULL on error.
  */
 static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 {
@@ -893,8 +897,12 @@ static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
 
         if (!tls1_lookup_md(lu, NULL))
             return NULL;
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+            return NULL;
         return lu;
     }
+    if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg))
+        return NULL;
     return &legacy_rsa_sigalg;
 }
 /* Set peer sigalg based key type */
@@ -984,6 +992,31 @@ int tls_check_sigalg_curve(const SSL *s, int curve)
 #endif
 
 /*
+ * Return the number of security bits for the signature algorithm, or 0 on
+ * error.
+ */
+static int sigalg_security_bits(const SIGALG_LOOKUP *lu)
+{
+    const EVP_MD *md = NULL;
+    int secbits = 0;
+
+    if (!tls1_lookup_md(lu, &md))
+        return 0;
+    if (md != NULL)
+    {
+        /* Security bits: half digest bits */
+        secbits = EVP_MD_size(md) * 4;
+    } else {
+        /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
+        if (lu->sigalg == TLSEXT_SIGALG_ed25519)
+            secbits = 128;
+        else if (lu->sigalg == TLSEXT_SIGALG_ed448)
+            secbits = 224;
+    }
+    return secbits;
+}
+
+/*
  * Check signature algorithm is consistent with sent supported signature
  * algorithms and if so set relevant digest and signature scheme in
  * s.
@@ -996,6 +1029,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
     size_t sent_sigslen, i, cidx;
     int pkeyid = EVP_PKEY_id(pkey);
     const SIGALG_LOOKUP *lu;
+    int secbits = 0;
 
     /* Should never happen */
     if (pkeyid == -1)
@@ -1097,20 +1131,20 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
                  SSL_R_UNKNOWN_DIGEST);
         return 0;
     }
-    if (md != NULL) {
-        /*
-         * Make sure security callback allows algorithm. For historical
-         * reasons we have to pass the sigalg as a two byte char array.
-         */
-        sigalgstr[0] = (sig >> 8) & 0xff;
-        sigalgstr[1] = sig & 0xff;
-        if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK,
-                    EVP_MD_size(md) * 4, EVP_MD_type(md),
-                    (void *)sigalgstr)) {
-            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
-                     SSL_R_WRONG_SIGNATURE_TYPE);
-            return 0;
-        }
+    /*
+     * Make sure security callback allows algorithm. For historical
+     * reasons we have to pass the sigalg as a two byte char array.
+     */
+    sigalgstr[0] = (sig >> 8) & 0xff;
+    sigalgstr[1] = sig & 0xff;
+    secbits = sigalg_security_bits(lu);
+    if (secbits == 0 ||
+        !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+                      md != NULL ? EVP_MD_type(md) : NID_undef,
+                      (void *)sigalgstr)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
     }
     /* Store the sigalg the peer uses */
     s->s3->tmp.peer_sigalg = lu;
@@ -1176,7 +1210,7 @@ int ssl_set_client_disabled(SSL *s)
  *
  * Returns 1 when it's disabled, 0 when enabled.
  */
-int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
+int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
 {
     if (c->algorithm_mkey & s->s3->tmp.mask_k
         || c->algorithm_auth & s->s3->tmp.mask_a)
@@ -1556,7 +1590,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
 }
 
 /* Check to see if a signature algorithm is allowed */
-static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
 {
     unsigned char sigalgstr[2];
     int secbits;
@@ -1617,11 +1651,8 @@ static int tls12_sigalg_allowed(SSL *s, int op, const SIGALG_LOOKUP *lu)
         }
     }
 
-    if (lu->hash == NID_undef)
-        return 1;
-    /* Security bits: half digest bits */
-    secbits = EVP_MD_size(ssl_md(lu->hash_idx)) * 4;
     /* Finally see if security callback allows it */
+    secbits = sigalg_security_bits(lu);
     sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
     sigalgstr[1] = lu->sigalg & 0xff;
     return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
@@ -2774,6 +2805,26 @@ int tls_choose_sigalg(SSL *s, int fatalerrs)
 #endif
                         break;
                 }
+#ifndef OPENSSL_NO_GOST
+                /*
+                 * Some Windows-based implementations do not send GOST algorithms indication
+                 * in supported_algorithms extension, so when we have GOST-based ciphersuite,
+                 * we have to assume GOST support.
+                 */
+                if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
+                  if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                    if (!fatalerrs)
+                      return 1;
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                    return 0;
+                  } else {
+                    i = 0;
+                    sig_idx = lu->sig_idx;
+                  }
+                }
+#endif
                 if (i == s->shared_sigalgslen) {
                     if (!fatalerrs)
                         return 1;
diff --git a/crypto/openssl/ssl/t1_trce.c b/crypto/openssl/ssl/t1_trce.c
index be3039af38223..5c84339314cdf 100644
--- a/crypto/openssl/ssl/t1_trce.c
+++ b/crypto/openssl/ssl/t1_trce.c
@@ -7,7 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 #ifndef OPENSSL_NO_SSL_TRACE
 
@@ -1246,8 +1246,9 @@ static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
     while (clen > 0) {
         if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
             return 0;
-        if (!ssl_print_extensions(bio, indent + 2, server, SSL3_MT_CERTIFICATE,
-                                  &msg, &clen))
+        if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, server,
+                                     SSL3_MT_CERTIFICATE, &msg, &clen))
             return 0;
 
     }
diff --git a/crypto/openssl/ssl/tls13_enc.c b/crypto/openssl/ssl/tls13_enc.c
index b5f57a02f747f..86754dc9677ca 100644
--- a/crypto/openssl/ssl/tls13_enc.c
+++ b/crypto/openssl/ssl/tls13_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -8,7 +8,7 @@
  */
 
 #include <stdlib.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
@@ -44,7 +44,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
      * prefix and label + bytes for the label itself + 1 byte length of hash
      * + bytes for the hash itself
      */
-    unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+    unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t)
                             + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
                             + 1 + EVP_MAX_MD_SIZE];
     WPACKET pkt;
diff --git a/crypto/openssl/ssl/tls_srp.c b/crypto/openssl/ssl/tls_srp.c
index f94e46b4e872c..ede7427ff89db 100644
--- a/crypto/openssl/ssl/tls_srp.c
+++ b/crypto/openssl/ssl/tls_srp.c
@@ -14,7 +14,7 @@
 #include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include <openssl/err.h>
-#include "ssl_locl.h"
+#include "ssl_local.h"
 
 #ifndef OPENSSL_NO_SRP
 # include <openssl/srp.h>